CVE-2019-5477 (rexical): Rexical Command Injection Vulnerability

ADVISORIES

CVE-2019-5477 (NVD)
GHSA-cr5j-953j-xw5p
Vendor Advisory

GEM

rexical

SEVERITY

CVSS v3.x: 9.8 (Critical)

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

>= 1.0.7

DESCRIPTION

A command injection vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. It allows commands to be executed in a subprocess by Ruby's Kernel.open method.

https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc#107--2019-08-06
https://groups.google.com/forum/#!msg/ruby-security-ann/YMnKFsASOAE/Fw3ocLI0BQAJ

RubySec

CVE-2019-5477 (rexical): Rexical Command Injection Vulnerability

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories