There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList
when supplying a filename that begins with the pipe character |
.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-78" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-02-25T15:50:03Z" }