Critical severity9.8NVD Advisory· Published Mar 3, 2017· Updated May 13, 2026
CVE-2016-10193
CVE-2016-10193
Description
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
espeak-rubyRubyGems | < 1.0.3 | 1.0.3 |
Affected products
1- cpe:2.3:a:espeak-ruby_project:espeak-ruby:*:*:*:*:*:ruby:*:*Range: <=1.0.2
Patches
15251744b13bdVulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- www.openwall.com/lists/oss-security/2017/01/31/14nvdMailing ListPatchThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2017/02/02/5nvdMailing ListPatchThird Party AdvisoryWEB
- github.com/dejan/espeak-ruby/issues/7nvdMailing ListPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-4jm3-pfpf-h54pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-10193ghsaADVISORY
- github.com/dejan/espeak-ruby/commit/5251744b13bdd9fb0c72c612226e72d330bac143ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/espeak-ruby/CVE-2016-10193.ymlghsaWEB
News mentions
0No linked articles in our index yet.