Thumbshooter vulnerable to Code Injection
High severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Aug 28, 2023
Description
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Aug 28, 2023
lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
References