CVE-2015-7541
The CVE affects the colorscore Ruby gem before version 0.0.5, specifically the Histogram.initialize method in lib/colorscore/histogram.rb. The root cause is that shell metacharacters in user-supplied input (image_path, colors, or depth) are passed to shell commands, enabling arbitrary ...
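The root cause above, shown as an added Ruby example that is not colorscore's own code: the interpolated command string beside an argv-array form with validated numeric options. The convert command line, the numeric ranges, the helper names and the sample path are assumptions, and a child Ruby process stands in for the image tool so the block runs offline.

```ruby
require "open3"
require "rbconfig"
require "shellwords"

# Stand-in for the external image tool (assumption): a child Ruby process that
# prints each argument it receives on its own line, exposing argv boundaries.
ARGV_ECHO = [RbConfig.ruby, "-e", "ARGV.each { |a| puts a }", "--"].freeze

# Vulnerable pattern: caller-supplied values interpolated into one string that
# a shell would parse. The string is only built here, never executed.
def unsafe_command_string(image_path, colors, depth)
  "convert #{image_path} -colors #{colors} -depth #{depth} histogram:info:-"
end

# Numeric options must parse as base-10 integers inside an allowed range.
def validated_int(value, name, range)
  n = Integer(value.to_s, 10)
  raise ArgumentError unless range.cover?(n)
  n
rescue ArgumentError, TypeError
  raise ArgumentError, "#{name} must be an integer in #{range}"
end

# Hardened pattern: one argv element per value, so no shell ever parses them.
def safe_argv(image_path, colors, depth)
  path = image_path.to_s
  path = "./#{path}" if path.start_with?("-") # keep a path from reading as an option
  ["convert", path, "-colors", validated_int(colors, "colors", 1..256).to_s,
   "-depth", validated_int(depth, "depth", 1..16).to_s, "histogram:info:-"]
end

# Passes the hardened argv to the stand-in tool; multi-argument capture2 execs
# the program directly instead of going through /bin/sh.
def received_args(image_path, colors, depth)
  out, status = Open3.capture2(*ARGV_ECHO, *safe_argv(image_path, colors, depth))
  raise "child process failed" unless status.success?
  out.lines.map(&:chomp)
end

if __FILE__ == $PROGRAM_NAME
  sample = "photo.jpg; echo INJECTED" # constructed sample input
  # Word-splitting alone already breaks the path apart in the string form.
  p Shellwords.split(unsafe_command_string(sample, 16, 8))
  # In the argv form the same value arrives as a single, literal argument.
  p received_args(sample, 16, 8)
end
```

Shellwords.escape on each interpolated value is the other common remedy when a single command string cannot be avoided.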