BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.
[
{
"product": "BibTeX-ruby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 5.1.0"
}
]
}
]