ADVISORIES
- OSVDB-110796
GEM
PATCHED VERSIONS
- >= 0.3.3
DESCRIPTION
FlavourSaver contains a flaw in helper method dispatch where it uses Kernel::send to call helpers without checking that they are defined within the template context first. This allows expressions such as {{system "ls"}} or {{eval "puts 1 + 1"}} to be executed.
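
The dispatch flaw described above, shown as an added Ruby example that is not FlavourSaver's code or its actual patch: an unchecked send-based dispatcher next to one that only calls public methods defined on the template context's own class. TemplateContext, unsafe_dispatch, safe_dispatch and rejected? are hypothetical names, and a harmless Kernel method (format) stands in for the reachable private methods.

```ruby
# Added illustration; all names here are hypothetical, not FlavourSaver's API.

# Context object that templates are evaluated against. Only its own public
# methods are meant to be callable as helpers.
class TemplateContext
  def upcase_name(name)
    name.upcase
  end
end

# Unsafe pattern from the description: send() dispatches to any method the
# receiver has, including private methods inherited from Kernel.
def unsafe_dispatch(context, helper, *args)
  context.send(helper, *args)
end

# Hardened pattern: the helper name must be a public method defined directly
# on the context's class (inherited Object/Kernel methods are excluded)
# before anything is called.
def safe_dispatch(context, helper, *args)
  allowed = context.class.public_instance_methods(false).map(&:to_s)
  unless allowed.include?(helper.to_s)
    raise NoMethodError, "undefined helper: #{helper}"
  end
  context.public_send(helper, *args)
end

# Returns true when safe_dispatch refuses the helper name. The check fails
# before dispatch, so a rejected helper is never invoked.
def rejected?(context, helper, *args)
  safe_dispatch(context, helper, *args)
  false
rescue NoMethodError
  true
end
```

Restricting the lookup to public_instance_methods(false) is one way to express "defined within the template context"; a project with helpers in mixed-in modules would build the allowlist from those modules instead.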