rubysec
diff --git a/‎gems/karo/CVE-2014-10075.yml‎
Lines changed: 35 additions & 0 deletions b/‎gems/karo/CVE-2014-10075.yml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎gems/karo/OSVDB-108573.yml‎
Lines changed: 0 additions & 10 deletions b/‎gems/karo/OSVDB-108573.yml‎
Lines changed: 0 additions & 10 deletions
@@ -0,0 +1,35 @@
+---
+gem: karo
+library: rubygems
+framework: rubygems
+platform: rubygems
+cve: 2014-10075
+osvdb: 108573
+ghsa: qfwq-chf4-jvwg
+url: https://nvd.nist.gov/vuln/detail/CVE-2014-10075
+title: karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution
+date: 2014-06-30
+description: |
+  The karo gem 2.3.8 for Ruby allows Remote command injection via
+  the host field.
+
+  karo Gem for Ruby contains a flaw in db.rb that is triggered when handling
+  metacharacters. This may allow a remote attacker to execute arbitrary
+  commands.
+
+  * CWE-77 - Improper Neutralization of Special Elements used
+    in a Command ('Command Injection')
+
+  * Severity: CRITICAL - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+cvss_v3: 9.8
+patched_versions:
+ - '>= 2.3.9'
+related:
+ url:
+  - https://nvd.nist.gov/vuln/detail/CVE-2014-10075
+  - http://www.vapid.dhs.org/advisories/karo-2.3.8.html
+  - http://www.vapidlabs.com/advisory.php?v=63
+  - http://osvdb.org/show/osvdb/108573
+  - https://github.com/advisories/GHSA-qf67-vmxx-gp4jGHSA-qfwq-chf4-jvwg.json
+  - https://github.com/rahult/karo
+  - https://github.com/rahult/karo/blob/master/CHANGELOG.md