There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html | Mailing List Third Party Advisory |
https://hackerone.com/reports/651518 | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/ | |
https://usn.ubuntu.com/4295-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-02-24T14:41:26
Updated: 2020-04-27T06:06:07
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8130
NVD Information
Status: Modified
Published: 2020-02-24T15:15:11.957
Modified: 2023-11-07T03:26:16.500
Link: CVE-2020-8130
Red Hat Information
No data.
CWE