OS Command Injection in Rake
Published: August 29, 2019
SECURITY IDENTIFIERS
- CVE: CVE-2020-8130 (NVD)
- GHSA: GHSA-jppv-gw3r-w3q8
GEM
SEVERITY
PATCHED VERSIONS
>= 12.3.3
DESCRIPTION
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in
Rake::FileList when supplying a filename that begins with the pipe character
|.