GHSA-73qw-ww62-m54x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-73qw-ww62-m54x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-73qw-ww62-m54x/GHSA-73qw-ww62-m54x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-73qw-ww62-m54x
- Aliases
-
- CVE-2015-7541
- Published
- 2017-10-24T18:33:36Z
- Modified
- 2024-02-19T05:32:54.496012Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- colorscore Command Injection vulnerability
- Details
-
The initialize method in the Histogram class in
lib/colorscore/histogram.rbin the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1)image_path, (2)colors, or (3)depthvariable. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-77" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:21:15Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-7541
- https://github.com/quadule/colorscore/commit/570b5e854cecddd44d2047c44126aed951b61718
- https://github.com/quadule/colorscore
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/colorscore/CVE-2015-7541.yml
- http://rubysec.com/advisories/CVE-2015-7541
- http://seclists.org/oss-sec/2016/q1/17
- http://www.openwall.com/lists/oss-security/2016/01/05/2
Affected packages
RubyGems / colorscore
Package
- Name
- colorscore
- Purl
- pkg:gem/colorscore