12 matches found
EUVD-2024-0871
Malicious code in bioql PyPI...
CVE-2023-28102
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
GHSA-8832-4MM5-X2R6 discordrb OS Command Injection vulnerability
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection such that the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. Note: The library is not directly exploitable...
CVE-2023-28102
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2023-28102
The CVE-2023-28102 issue affects the discordrb Ruby library, where the encoder.rb code path before commit 91e13043ffa unsafely constructs a shell command using a file parameter. This can allow an attacker-controlled input to reach the vulnerable method and execute arbitrary shell commands on the ...
CVE-2023-28102 Command injection in discordrb
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2023-28102 Command injection in discordrb
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2023-28102 Command injection in discordrb
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
discordrb OS command injection vulnerability
discordrb is Shard Lab's personal developer's repository for implementing the Discord API using Ruby. Discordrb suffers from an operating system command injection vulnerability that stems from the encoder.rb file insecurely constructing a shell string using the file parameter, which leaves the...
PT-2023-21560 · Discordrb · Discordrb
Name of the Vulnerable Software and Affected Versions: discordrb versions prior to commit 91e13043ffa Description: The discordrb library, an implementation of the Discord API using Ruby, has a command injection issue due to the unsafe construction of a shell string using the file parameter in the...
GHSL-2022-094: Remote Code Execution in discordrb
The encodefile method may lead to remote code execution (RCE) if invoked with untrusted user-controlled data...