GHSA-f7f4-5w9j-23p2

Source

https://github.com/advisories/GHSA-f7f4-5w9j-23p2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-f7f4-5w9j-23p2/GHSA-f7f4-5w9j-23p2.json

Aliases

CVE-2016-10194

Published

2017-10-24T18:33:35Z

Modified

2023-11-08T03:58:09.808310Z

Details

The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.

References

https://nvd.nist.gov/vuln/detail/CVE-2016-10194
https://github.com/spejman/festivaltts4r/issues/1
https://github.com/spejman/festivaltts4r
http://www.openwall.com/lists/oss-security/2017/01/31/14
http://www.openwall.com/lists/oss-security/2017/02/02/5

Affected packages

RubyGems / festivaltts4r

Package

Name: festivaltts4r

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Last affected

0.2.0

Affected versions

0.*

0.1.0

0.1.1

0.2.0