colorscore Command Injection vulnerability

GHSA-73qw-ww62-m54x · CVE-2015-7541

Published Oct 24, 2017 · Modified Feb 19, 2024

Description

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7541
WEB https://github.com/quadule/colorscore/commit/570b5e854cecddd44d2047c44126aed951b61718
PACKAGE https://github.com/quadule/colorscore
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/colorscore/CVE-2015-7541.yml
WEB http://rubysec.com/advisories/CVE-2015-7541
WEB http://seclists.org/oss-sec/2016/q1/17
WEB http://www.openwall.com/lists/oss-security/2016/01/05/2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes