High severity vulnerability that affects colorscore

GHSA-9wcm-rrvh-qjc8

Published Aug 15, 2018 · Modified Dec 2, 2024

Description

Withdrawn, accidental duplicate publish.

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7541
ADVISORY https://github.com/advisories/GHSA-9wcm-rrvh-qjc8

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes