[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2013-2121":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":99,"duplicate_of":9,"upstream":100,"downstream":101,"duplicates":106,"related":107,"reserved_at":9,"published_at":108,"modified_at":109,"state":110,"summary":111,"references_raw":119,"kevs":145,"epss":146,"epss_history":149,"metrics":369,"affected":374},"CVE-2013-2121","Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[63,72,87],{"_key":64,"name":65,"source":66,"url":67,"maturity":68,"reliability_score":69,"verified":70,"type":9,"platforms":71,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_3090137A9187A4AB","Exploit Reference (bugzilla.redhat.com)","reference","https://bugzilla.redhat.com/show_bug.cgi?id=966804","unknown",0.2,false,[],{"_key":73,"name":74,"source":75,"url":76,"maturity":77,"reliability_score":78,"verified":79,"type":80,"platforms":81,"requires_auth":9,"exploitdb":83,"metasploit":9},"27045","Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit)","exploit-database","https://www.exploit-db.com/exploits/27045","weaponized",0.8,true,"remote",[82],"linux",{"verified":79,"type":80,"platform":82,"file":84,"codes":85},"exploits/linux/remote/27045.rb",[7,86],"OSVDB-94671",{"_key":88,"name":89,"source":90,"url":91,"maturity":77,"reliability_score":92,"verified":79,"type":80,"platforms":93,"requires_auth":79,"exploitdb":9,"metasploit":94},"MSF_EXPLOIT_LINUX_HTTP_FOREMAN_OPENSTACK_SATELLITE_CODE_EXEC","Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/linux/http/foreman_openstack_satellite_code_exec.rb",1,[],{"fullname":95,"rank":96,"rank_name":97,"post_auth":79,"check":70,"notes":98},"exploit/linux/http/foreman_openstack_satellite_code_exec",600,"excellent",{"Stability":9,"SideEffects":9,"Reliability":9},[],[],[102,104],{"_key":103},"RHSA-2013:0995",{"_key":105},"RHEA-2014:1175",[],[],"2013-07-31T10:00:00.000Z","2024-08-06T15:27:40.678Z","Modified",{"cisa_kev":70,"cisa_ransomware":70,"cisa_vendor":9,"epss_severity":112,"epss_score":113,"severity":114,"severity_score":115,"severity_version":116,"severity_source":117,"severity_vector":118,"severity_status":110},"critical",0.60925,"medium",6,"v2.0","nvd","AV:N/AC:M/Au:S/C:P/I:P/A:P",[120,126,132,136,142],{"url":121,"sources":122,"tags":124},"http://projects.theforeman.org/issues/2631",[123,117],"cve.org",[125],"X Refsource CONFIRM",{"url":127,"sources":128,"tags":129},"http://rhn.redhat.com/errata/RHSA-2013-0995.html",[123,117],[130,131],"Vendor Advisory","X Refsource REDHAT",{"url":133,"sources":134,"tags":135},"https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU",[123,117],[125],{"url":137,"sources":138,"tags":139},"http://www.exploit-db.com/exploits/27045",[123,117],[140,141],"Exploit","X Refsource EXPLOIT DB",{"url":67,"sources":143,"tags":144},[123,117],[125,140],[],{"date":147,"score":113,"percentile":148},"2026-06-04",0.98327,[150,153,156,159,161,163,165,167,169,171,173,175,178,180,182,185,188,191,194,197,200,202,204,206,208,210,213,215,218,221,223,225,227,229,231,233,235,237,240,243,246,249,251,253,255,257,260,262,264,267,269,271,273,275,278,281,284,286,289,292,295,297,300,303,305,308,310,313,316,318,320,322,324,327,329,332,334,336,339,341,344,346,348,351,354,356,359,362,364,366],{"date":151,"score":113,"percentile":152},"2025-11-04",0.98205,{"date":154,"score":113,"percentile":155},"2025-11-05",0.98206,{"date":157,"score":113,"percentile":158},"2025-11-06",0.98207,{"date":160,"score":113,"percentile":152},"2025-11-07",{"date":162,"score":113,"percentile":152},"2025-11-08",{"date":164,"score":113,"percentile":152},"2025-11-09",{"date":166,"score":113,"percentile":152},"2025-11-10",{"date":168,"score":113,"percentile":152},"2025-11-11",{"date":170,"score":113,"percentile":155},"2025-11-12",{"date":172,"score":113,"percentile":158},"2025-11-13",{"date":174,"score":113,"percentile":158},"2025-11-14",{"date":176,"score":113,"percentile":177},"2025-11-15",0.98204,{"date":179,"score":113,"percentile":152},"2025-11-16",{"date":181,"score":113,"percentile":152},"2025-11-17",{"date":183,"score":113,"percentile":184},"2025-11-18",0.98266,{"date":186,"score":113,"percentile":187},"2025-11-19",0.98268,{"date":189,"score":113,"percentile":190},"2025-11-20",0.98269,{"date":192,"score":113,"percentile":193},"2025-11-21",0.98202,{"date":195,"score":113,"percentile":196},"2025-11-22",0.982,{"date":198,"score":113,"percentile":199},"2025-11-23",0.98201,{"date":201,"score":113,"percentile":199},"2025-11-24",{"date":203,"score":113,"percentile":193},"2025-11-25",{"date":205,"score":113,"percentile":193},"2025-11-26",{"date":207,"score":113,"percentile":193},"2025-11-27",{"date":209,"score":113,"percentile":193},"2025-11-28",{"date":211,"score":113,"percentile":212},"2025-11-29",0.98203,{"date":214,"score":113,"percentile":193},"2025-11-30",{"date":216,"score":113,"percentile":217},"2025-12-01",0.98217,{"date":219,"score":113,"percentile":220},"2025-12-02",0.98219,{"date":222,"score":113,"percentile":220},"2025-12-03",{"date":224,"score":113,"percentile":212},"2025-12-04",{"date":226,"score":113,"percentile":193},"2025-12-05",{"date":228,"score":113,"percentile":212},"2025-12-06",{"date":230,"score":113,"percentile":177},"2025-12-07",{"date":232,"score":113,"percentile":152},"2025-12-08",{"date":234,"score":113,"percentile":152},"2025-12-09",{"date":236,"score":113,"percentile":158},"2025-12-10",{"date":238,"score":113,"percentile":239},"2025-12-11",0.9821,{"date":241,"score":113,"percentile":242},"2025-12-12",0.98213,{"date":244,"score":113,"percentile":245},"2025-12-13",0.98212,{"date":247,"score":113,"percentile":248},"2025-12-14",0.98211,{"date":250,"score":113,"percentile":245},"2025-12-15",{"date":252,"score":113,"percentile":248},"2025-12-16",{"date":254,"score":113,"percentile":242},"2025-12-17",{"date":256,"score":113,"percentile":242},"2025-12-18",{"date":258,"score":113,"percentile":259},"2025-12-19",0.98215,{"date":261,"score":113,"percentile":259},"2025-12-20",{"date":263,"score":113,"percentile":242},"2025-12-21",{"date":265,"score":113,"percentile":266},"2025-12-22",0.98214,{"date":268,"score":113,"percentile":239},"2025-12-23",{"date":270,"score":113,"percentile":239},"2025-12-24",{"date":272,"score":113,"percentile":242},"2025-12-25",{"date":274,"score":113,"percentile":266},"2025-12-26",{"date":276,"score":113,"percentile":277},"2025-12-27",0.98232,{"date":279,"score":113,"percentile":280},"2025-12-28",0.98216,{"date":282,"score":113,"percentile":283},"2025-12-29",0.98218,{"date":285,"score":113,"percentile":283},"2025-12-30",{"date":287,"score":113,"percentile":288},"2025-12-31",0.9822,{"date":290,"score":113,"percentile":291},"2026-01-01",0.98239,{"date":293,"score":113,"percentile":294},"2026-01-02",0.9824,{"date":296,"score":113,"percentile":294},"2026-01-03",{"date":298,"score":113,"percentile":299},"2026-01-04",0.98224,{"date":301,"score":113,"percentile":302},"2026-01-05",0.98225,{"date":304,"score":113,"percentile":302},"2026-01-06",{"date":306,"score":113,"percentile":307},"2026-01-07",0.98227,{"date":309,"score":113,"percentile":307},"2026-01-08",{"date":311,"score":113,"percentile":312},"2026-01-09",0.98229,{"date":314,"score":113,"percentile":315},"2026-01-10",0.98231,{"date":317,"score":113,"percentile":312},"2026-01-11",{"date":319,"score":113,"percentile":307},"2026-01-12",{"date":321,"score":113,"percentile":307},"2026-01-13",{"date":323,"score":113,"percentile":312},"2026-01-14",{"date":325,"score":113,"percentile":326},"2026-01-15",0.9823,{"date":328,"score":113,"percentile":277},"2026-01-16",{"date":330,"score":113,"percentile":331},"2026-01-17",0.98233,{"date":333,"score":113,"percentile":277},"2026-01-18",{"date":335,"score":113,"percentile":331},"2026-01-19",{"date":337,"score":113,"percentile":338},"2026-01-20",0.98235,{"date":340,"score":113,"percentile":338},"2026-01-21",{"date":342,"score":113,"percentile":343},"2026-01-22",0.98238,{"date":345,"score":113,"percentile":343},"2026-01-23",{"date":347,"score":113,"percentile":294},"2026-01-24",{"date":349,"score":113,"percentile":350},"2026-01-25",0.98241,{"date":352,"score":113,"percentile":353},"2026-01-26",0.98243,{"date":355,"score":113,"percentile":353},"2026-01-27",{"date":357,"score":113,"percentile":358},"2026-01-28",0.98245,{"date":360,"score":113,"percentile":361},"2026-01-29",0.98244,{"date":363,"score":113,"percentile":358},"2026-01-30",{"date":365,"score":113,"percentile":353},"2026-01-31",{"date":367,"score":113,"percentile":368},"2026-02-01",0.98257,[370],{"source":117,"cvss_v2_0":371,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":115,"baseSeverity":9,"vectorString":118,"impactScore":372,"exploitabilityScore":373},6.4,6.8,[375,383],{"ecosystem":9,"name":376,"vendor":377,"product":376,"cpe_part":378,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":379},"openstack","redhat","a",[380],{"version":381,"is_range":70,"range_type":382,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0","cpe",{"ecosystem":9,"name":384,"vendor":385,"product":384,"cpe_part":378,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":386},"foreman","theforeman",[387,391],{"version":388,"is_range":79,"range_type":382,"version_start":9,"version_start_type":9,"version_end":389,"version_end_type":390,"fixed_in":9},"lte1.2.0","1.2.0","including",{"version":392,"is_range":70,"range_type":382,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.1"]