Lucene search
GoogleOSV:GHSA-4JM3-PFPF-H54PHistoryOct 24, 2017 - 6:33 p.m.
espeak-ruby allows arbitrary command execution
2017-10-2418:33:35
Google
osv.dev
9
EPSS
0.006
Percentile
78.1%
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.
References
www.openwall.com/lists/oss-security/2017/01/31/14
www.openwall.com/lists/oss-security/2017/02/02/5
github.com/dejan/espeak-ruby
github.com/dejan/espeak-ruby/commit/5251744b13bdd9fb0c72c612226e72d330bac143
github.com/dejan/espeak-ruby/issues/7
github.com/rubysec/ruby-advisory-db/blob/master/gems/espeak-ruby/CVE-2016-10193.yml
nvd.nist.gov/vuln/detail/CVE-2016-10193
Related
nvd
nvd
CVE-2016-10193
2017-03-03 15:59:00
github
github
espeak-ruby allows arbitrary command execution
2017-10-24 18:33:35
prion
prion
Code injection
2017-03-03 15:59:00
cve
cve
CVE-2016-10193
2017-03-03 15:59:00
rubygems
rubygems
espeak-ruby Gem for Ruby Arbitrary Command Execution
2016-04-12 21:00:00
cvelist
cvelist
CVE-2016-10193
2017-03-03 15:00:00
osv
osv
CVE-2016-10193
2017-03-03 15:59:00