Sha256: 5e4c693483e1016dca6a416223db88653f8c73782849860989b38c7532406e26

Contents?: true

Size: 650 Bytes

Versions: 1

Compression:

Stored size: 650 Bytes

Contents

---
gem: rexical
cve: 2019-5477
date: 2019-08-11
url: https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
title: Rexical Command Injection Vulnerability
description: |
  A command injection vulnerability appears in code generated by the Rexical
  gem versions v1.0.6 and earlier. It allows commands to be executed in a
  subprocess by Ruby's `Kernel.open` method.

patched_versions:
  - ">= 1.0.7"

cvss_v2: 7.5
cvss_v3: 9.8

related:
  url:
    - https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc#107--2019-08-06
    - https://groups.google.com/forum/#!msg/ruby-security-ann/YMnKFsASOAE/Fw3ocLI0BQAJ

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rexical/CVE-2019-5477.yml