Skip to content
This repository has been archived by the owner on Jun 6, 2023. It is now read-only.

Security - Rake Update (CVE-2020-8130) #3

Open
smaziano opened this issue Mar 2, 2020 · 0 comments
Open

Security - Rake Update (CVE-2020-8130) #3

smaziano opened this issue Mar 2, 2020 · 0 comments
Assignees
@nelsonmfinda
Labels
enhancement security

Comments

@smaziano
Copy link
Collaborator

smaziano commented Mar 2, 2020

Vulnerable versions: <= 12.3.2
Patched version: 12.3.3
There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@nelsonmfinda nelsonmfinda

Labels
enhancement security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smaziano @nelsonmfinda