Moderate severityNVD Advisory· Published Feb 24, 2020· Updated Aug 4, 2024
CVE-2020-8130
CVE-2020-8130
Description
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rakeRubyGems | < 12.3.3 | 12.3.3 |
Affected products
9- Ruby/Rakedescription
- ghsa-coords8 versionspkg:gem/rakepkg:rpm/opensuse/ruby2.5&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/rubygem-rake&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
< 12.3.3+ 7 more
- (no CPE)range: < 12.3.3
- (no CPE)range: < 2.5.7-lp151.4.6.1
- (no CPE)range: < 2.5.7-4.8.1
- (no CPE)range: < 2.5.7-4.8.1
- (no CPE)range: < 2.5.7-4.8.1
- (no CPE)range: < 2.5.7-4.8.1
- (no CPE)range: < 2.5.7-4.8.1
- (no CPE)range: < 10.3.2-9.7.1
Patches
Vulnerability mechanics
References
13- lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-jppv-gw3r-w3q8ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-8130ghsaADVISORY
- usn.ubuntu.com/4295-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aeeghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rake/CVE-2020-8130.ymlghsaWEB
- hackerone.com/reports/651518ghsax_refsource_MISCWEB
- lists.debian.org/debian-lts-announce/2020/02/msg00026.htmlghsamailing-listx_refsource_MLISTWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36BghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44ghsaWEB
- usn.ubuntu.com/4295-1ghsaWEB
News mentions
0No linked articles in our index yet.