CVE-2020-8130
rake Critical
Command Injection
Discovered about 1 year ago
Published over 1 year ago
Category: Command Injection
Source: GitHub
Severity: Critical

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 12.3.3

Unaffected Versions

n/a

References

n/a