The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.
{
"cpe": "cpe:2.3:a:espeak-ruby_project:espeak-ruby:*:*:*:*:*:ruby:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.2"
}
]
}