CVE-2014-2888

Name of the Vulnerable Software and Affected Versions sfpagent gem versions prior to 0.4.15

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. This is possible due to a flaw in the lib/sfpagent/bsig.rb file.

Recommendations For versions prior to 0.4.15, update to version 0.4.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the lib/sfpagent/bsig.rb file to minimize the risk of exploitation. Avoid using the module name in JSON requests that may contain shell metacharacters until the issue is resolved.