High severity vulnerability that affects colorscore

2018-08-15T20:03:53
ID GHSA-9WCM-RRVH-QJC8
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:02

Description

Withdrawn, accidental duplicate publish.

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.