- CVE-2015-7541 (NVD)
- Vendor Advisory
CVSS v3.x: 10.0 (Critical)
- >= 0.0.5
The contents of the
depth variables generated
from possibly user-supplied input are passed directly to the shell via
If an attacker supplies a value that includes shell metacharacters such as ‘;’, they may be able to execute shell commands on the remote system with the privileges of the user running the Ruby process.
To resolve this issue, the aforementioned variables (especially
must be sanitized for shell metacharacters.
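
The pattern described above beside a hardened form, as an added example (not code from the affected gem or the advisory). `echo` stands in for the external command so it runs anywhere; the method names and the 1..32 depth range are assumptions.

```ruby
require "open3"

# Constructed stand-in for the external program the Ruby code shells out to.
TOOL = "echo"

# Vulnerable pattern: the value is interpolated into a string that /bin/sh
# parses, so a metacharacter such as ';' starts a second command.
def run_via_shell(depth)
  `#{TOOL} depth=#{depth}`
end

# Hardened, numeric input: require a plain base-10 integer in an allowed range
# (range is an assumption), then pass arguments as an argv list. With more than
# one argument Open3 executes the program directly and no shell is involved.
def run_without_shell(depth)
  value = Integer(depth.to_s, 10) # raises ArgumentError on "8; echo INJECTED"
  raise ArgumentError, "depth out of range" unless (1..32).cover?(value)

  out, status = Open3.capture2(TOOL, "depth=#{value}")
  raise "#{TOOL} failed" unless status.success?
  out
end

# Hardened, free-form input (for example a file path): it cannot be reduced to
# an integer, so it travels as a single argv element and ';' stays literal.
# Values starting with '-' are rejected so they cannot be read as options.
def run_path_without_shell(path)
  raise ArgumentError, "path must not start with '-'" if path.start_with?("-")

  out, status = Open3.capture2(TOOL, "file=#{path}")
  raise "#{TOOL} failed" unless status.success?
  out
end

if __FILE__ == $PROGRAM_NAME
  hostile = "8; echo INJECTED" # constructed sample input
  puts "shell form:  #{run_via_shell(hostile).inspect}"
  puts "argv form:   #{run_path_without_shell(hostile).inspect}"
  begin
    run_without_shell(hostile)
  rescue ArgumentError => e
    puts "validated:   rejected (#{e.message})"
  end
end
```

Shell-escaping helpers such as `Shellwords.escape` also neutralize metacharacters, but the argv form removes the shell from the call entirely and is the less error-prone fix.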