Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwcHYtZ3czci13M3E4

Moderate EPSS: 0.00032% (0.08468 Percentile) EPSS:
Permalink JSON

OS Command Injection in Rake

Affected Packages Affected Versions Fixed Versions
rubygems:rake
PURL: pkg:gem/rake
<= 12.3.2 12.3.3
80,840 Dependent packages
1,222,401 Dependent repositories
1,163,354,862 Downloads total

Affected Version Ranges

All affected versions

0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.5.0, 0.5.3, 0.5.4, 0.6.0, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.1.0, 10.1.1, 10.2.0, 10.2.1, 10.2.2, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 11.0.1, 11.1.0, 11.1.1, 11.1.2, 11.2.0, 11.2.2, 11.3.0, 12.0.0, 12.1.0, 12.2.0, 12.2.1, 12.3.0, 12.3.1, 12.3.2

All unaffected versions

12.3.3, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.1.0, 13.2.0, 13.2.1, 13.3.0, 13.3.1

There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.

References:

Identifiers

GHSA-jppv-gw3r-w3q8

CVE-2020-8130

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00032

EPSS Percentile: 0.08468

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/ruby/rake

Date and time

Published

over 5 years ago

Updated

about 2 years ago

API

JSON