gyazo Gem for Ruby client.rb Metacharacter Handling Remote Command Execution
Published: June 30, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-4994 (NVD)
- GHSA: GHSA-6x45-86q6-rcmr
- OSVDB: OSVDB-108563
GEM
SEVERITY
CVSS v3.x: 5.5 (Medium)
PATCHED VERSIONS
>= 2.0.0
DESCRIPTION
gyazo Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
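
A check for affected installs, as an added example that is not part of the original advisory or the gyazo project: it reads Gemfile.lock text and compares the locked gyazo version with the patched range listed above (>= 2.0.0). The lockfile contents, the helper names and the status symbols are assumptions constructed for illustration.

```ruby
# Patched range taken from the PATCHED VERSIONS field of the advisory.
PATCHED = Gem::Requirement.new(">= 2.0.0")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      gyazo (1.0.0)
      json (1.8.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    gyazo
LOCK

# Return the resolved versions of gem_name found in Gemfile.lock text.
# Resolved gems sit at four spaces of indentation inside a "specs:" block;
# deeper lines are dependency constraints and are ignored.
def locked_versions(lock_text, gem_name)
  in_specs = false
  versions = []
  lock_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.empty?
      in_specs = false # a new top-level section or a blank line ends the block
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop any platform suffix such as "-x86_64-linux" before comparing.
      versions << m[2].split("-").first if m[1] == gem_name
    end
  end
  versions
end

# :absent, :patched or :vulnerable for the gyazo entry in a lockfile.
def gyazo_status(lock_text)
  versions = locked_versions(lock_text, "gyazo")
  return :absent if versions.empty?
  patched = versions.all? { |v| PATCHED.satisfied_by?(Gem::Version.new(v)) }
  patched ? :patched : :vulnerable
end

puts "gyazo: #{gyazo_status(SAMPLE_LOCK)}" if __FILE__ == $PROGRAM_NAME
```

To check a real project, pass File.read("Gemfile.lock") to gyazo_status instead of the sample text.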
