Vulnerabilities: 1 via 1 paths
Dependencies: 9
Source: GitHub
Commit: 6f7fcd7a


high severity

Arbitrary Code Injection

  • Vulnerable module: rake
  • Introduced through: rake@10.5.0

Detailed paths

  • Introduced through: zt2/figi:Gemfile.lock@zt2/figi#6f7fcd7ac45be8f501bcf22d952bd2b0147d7482 → rake@10.5.0
    Remediation: Upgrade to rake@12.3.3.

Overview

rake is a Make-like program implemented in Ruby.

Affected versions of this package are vulnerable to Arbitrary Code Injection in Rake::FileList when supplying a filename that begins with the pipe character |.

PoC by Katsuhiko Yoshida

% ls -1
Gemfile
Gemfile.lock
poc_rake.rb
vendor
| touch evil.txt
% bundle exec ruby poc_rake.rb
["poc_rake.rb", "Gemfile", "Gemfile.lock", "| touch evil.txt", "vendor"]
poc_rake.rb:6:list.egrep(/something/)
Error while processing 'vendor': Is a directory @ io_fillbuf - fd:7 vendor
% ls -1
Gemfile
Gemfile.lock
evil.txt
poc_rake.rb
vendor
| touch evil.txt

Remediation

Upgrade rake to version 12.3.3 or higher.
