commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.