smalruby and smalruby-editor vulnerable to OS Command Injection
Published: May 13, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2017-2096 (NVD)
- GHSA: GHSA-f489-655r-x6gr
- Vendor Advisory: http://jvn.jp/en/jp/JVN50197114/index.html
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
>= 0.1.11
DESCRIPTION
smalruby-editor prior to 0.4.1 and smalruby prior to 0.1.11 allow remote attackers to execute arbitrary OS commands via unspecified vectors.
