{"api_version":"1","generated_at":"2026-04-24T07:58:18+00:00","cve":"CVE-2014-0156","urls":{"html":"https://cve.report/CVE-2014-0156","api":"https://cve.report/api/cve/CVE-2014-0156.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-0156","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-0156"},"summary":{"title":"CVE-2014-0156","description":"Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-06-30 21:15:00","updated_at":"2022-07-12 15:31:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff","name":"https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff","refsource":"MISC","tags":[],"title":"Separate command line building and sanitizing into its own class. · ManageIQ/awesome_spawn@e524f85 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://rubysec.com/advisories/CVE-2014-0156/","name":"https://rubysec.com/advisories/CVE-2014-0156/","refsource":"MISC","tags":[],"title":"CVE-2014-0156 (awesome_spawn): OS command injection flaw in awesome_spawn - RubySec","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-0156","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0156","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"156","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"manageiq","cpe5":"awesomespawn","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2014-0156","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"awesome_spawn","version":{"version_data":[{"version_value":">1.20, >= 1.30"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-78"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://rubysec.com/advisories/CVE-2014-0156/","url":"https://rubysec.com/advisories/CVE-2014-0156/"},{"refsource":"MISC","name":"https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff","url":"https://github.com/ManageIQ/awesome_spawn/commit/e524f85f1c6e292ef7d117d7818521307ac269ff"}]},"description":{"description_data":[{"lang":"eng","value":"Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command."}]}},"nvd":{"publishedDate":"2022-06-30 21:15:00","lastModifiedDate":"2022-07-12 15:31:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:manageiq:awesomespawn:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"1.5.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"156","Ordinal":"66789","Title":"CVE-2014-0156","CVE":"CVE-2014-0156","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"156","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}