Sha256: 909ae1648b41dc6843e89b38503812ac7a657d42503c97e6929e109a366595a0

Contents?: true

Size: 474 Bytes

Versions: 5

Compression:

Stored size: 474 Bytes

Contents

cve: 2016-10193
gem: espeak-ruby
url: https://github.com/dejan/espeak-ruby/issues/7
title: espeak-ruby Gem for Ruby Arbitrary Command Execution
date: 2016-04-13

description: |
  espeak-ruby passes user modifiable strings directly to a shell
  command. An attacker can execute malicious commands by modifying
  the strings that are passed as arguments to the speak, save, bytes
  and bytes_wav methods in the lib/espeak/speech.rb library.

patched_versions:
  - '>= 1.0.3'

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml