RCE in Squash Square_squash

CVE-2013-5036

Square Squash allows remote attackers to execute arbitrary code via a YAML document in (1) the namespace parameter to the deobfuscation function or (2) the sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.805 (99.2nd percentile)

Frequently asked questions

What is CVE-2013-5036?
CVE-2013-5036 is a vulnerability in Squash Square_squash, classified under Code Injection. Published 2014-05-27.
Is CVE-2013-5036 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.