CVE-2020-8130

Опубликовано: 24 фев. 2020

Источник: nvd

CVSS3: 6.4

CVSS2: 6.9

EPSS Низкий

Описание

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
Mailing List
Third Party Advisory
https://hackerone.com/reports/651518
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/
https://usn.ubuntu.com/4295-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
Mailing List
Third Party Advisory
https://hackerone.com/reports/651518
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/
https://usn.ubuntu.com/4295-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ruby-lang:rake:*:*:*:*:*:*:*:*

Версия до 12.3.3 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00128

Низкий

6.4 Medium

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2020-8130

CVSS3: 6.4

ubuntu

почти 6 лет назад

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

CVE-2020-8130

CVSS3: 6.4

redhat

больше 6 лет назад

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

CVE-2020-8130

msrc

4 месяца назад

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

CVE-2020-8130

CVSS3: 6.4

debian

почти 6 лет назад

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 i ...

SUSE-SU-2022:3212-1

suse-cvrf

больше 3 лет назад

Security update for rubygem-rake

EPSS

Процентиль: 33%

0.00128

Низкий

6.4 Medium

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-78