RubySec

Providing security resources for the Ruby community

CVE-2015-7541 (colorscore): colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection

ADVISORIES

GEM

colorscore

SEVERITY

CVSS v3.x: 10.0 (Critical)

PATCHED VERSIONS

  • >= 0.0.5

DESCRIPTION

The contents of the image_path, colors, and depth variables generated from possibly user-supplied input are passed directly to the shell via convert ....

If a user supplies a value that includes shell metacharacters such as ';', an attacker may be able to execute shell commands on the remote system as the user id of the Ruby process.

To resolve this issue, the aforementioned variables (especially image_path) must be sanitized for shell metacharacters.