Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65613.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-65613
Upstream
Published
2025-07-20T03:15:22Z
Modified
2026-04-21T04:37:38.952362Z
Summary
CVE-2025-54314 affecting package rubygem-thor 1.2.1-1
Details

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."

References

Affected packages

Azure Linux:3 / rubygem-thor

Package

Name
rubygem-thor
Purl
pkg:rpm/azure-linux/rubygem-thor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
1.2.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65613.json"