Sha256: 2f67644ea0642eb7aab3197d25c933e6ccec8284c79cc8d2c1e59fd587805e89

Contents?: true

Size: 449 Bytes

Versions: 5

Compression:

Stored size: 449 Bytes

Contents

cve: 2016-10194
gem: festivaltts4r
url: https://github.com/spejman/festivaltts4r/issues/1
title: festivaltts4r Gem for Ruby Arbitrary Command Execution
date: 2016-04-23

description: |
  festivaltts4r passes user-modifiable strings directly to a shell
  command. An attacker can execute malicious commands by modifying
  the strings that are passed as arguments to the to_speech and
  to_mp3 methods in the lib/festivaltts4r/festival4r.rb library.

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml