3 matches found
GHSA-229R-PQP6-8W6G sprout Arbitrary Code Execution vulnerability
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path...
sprout Arbitrary Code Execution vulnerability
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path...
sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution
sprout Gem for Ruby contains a flaw in the unpack_zip function in archive_unpacker.rb. The issue is due to the program failing to properly sanitize input passed via the 'zipfile', 'dir', 'zipname', and 'output' parameters. This may allow a context-dependent attacker to execute arbitrary code...