GHSA-w655-w578-99pq

Опубликовано: 21 авг. 2018

Источник: github

Github: Прошло ревью

Описание

High severity vulnerability that affects espeak-ruby

Withdrawn, accidental duplicate publish.

The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2016-10193
https://github.com/advisories/GHSA-w655-w578-99pq

Пакеты

Наименование

espeak-ruby

rubygems

Затронутые версииВерсия исправления

< 1.0.3

1.0.3