Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

Уязвимость реализации метода интерпретатора языка программирования Ruby, позволяющая нарушителю выполнить произвольный код

Recommended update for ruby2.5

Recommended update for ruby2.5

Moderate: ruby:2.5 security, bug fix, and enhancement update

ELSA-2021-2587: ruby:2.5 security, bug fix, and enhancement update (MODERATE)

Moderate: ruby:2.6 security, bug fix, and enhancement update

ELSA-2021-2588: ruby:2.6 security, bug fix, and enhancement update (MODERATE)

Security update for ruby2.1