flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Critical severity
GitHub Reviewed
Published Jan 26, 2023 to the GitHub Advisory Database • Updated Dec 14, 2023
Published to the GitHub Advisory Database: Jan 26, 2023
Reviewed: Jan 26, 2023
Published by the National Vulnerability Database: Dec 12, 2023
Last updated: Dec 14, 2023
Description
flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.
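The class of flaw described above, shown as an added example (not code from flash_tool or from this advisory): an untrusted file name interpolated into a shell string, next to the argument-vector and escaped forms that keep it literal. The file name, the constant and method names, and the use of `echo` as a stand-in for the external program are all assumptions made for illustration.

```ruby
require "open3"
require "shellwords"

# Constructed sample: a file name as it might arrive with a download,
# carrying a shell metacharacter and a harmless marker command.
CRAFTED_NAME = "movie.swf; echo INJECTED"

# Stand-in for the external program a wrapper would invoke (assumption:
# `echo` is used only so the effect is visible without extra tools).
TOOL = "echo"

# Vulnerable pattern: the name is interpolated into one string, so Ruby hands
# the whole line to /bin/sh and the shell parses the metacharacters.
def run_interpolated(name)
  out, _status = Open3.capture2("#{TOOL} #{name}")
  out.lines.map(&:chomp)
end

# Hardened pattern: each argument is passed separately, no shell is started,
# and the name reaches the tool as one literal argument.
def run_argv(name)
  out, _status = Open3.capture2(TOOL, name)
  out.lines.map(&:chomp)
end

# When a shell string cannot be avoided, escape the untrusted part.
def run_escaped(name)
  out, _status = Open3.capture2("#{TOOL} #{Shellwords.escape(name)}")
  out.lines.map(&:chomp)
end

# Defence in depth: accept only names from a conservative allowlist.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,254}\z/

def safe_name?(name)
  SAFE_NAME.match?(name)
end

if __FILE__ == $PROGRAM_NAME
  puts "interpolated: #{run_interpolated(CRAFTED_NAME).inspect}"
  puts "argv:         #{run_argv(CRAFTED_NAME).inspect}"
  puts "escaped:      #{run_escaped(CRAFTED_NAME).inspect}"
  puts "allowlisted?  #{safe_name?(CRAFTED_NAME)}"
end
```

The interpolated call yields two output lines because the shell ran a second command; the other two calls yield one line containing the name unchanged.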