RubyGems fastreader 'entry_controller.rb'远程命令执行漏洞

BUGTRAQ ID: 58450 RubyGems fastreader是基于终端的订阅器。 fastreader在entrycontroller.rb的实现上存在远程命令执行漏洞，攻击者可利用此漏洞在受影响应用上下文中执行任意代码。 0 rubygems fastreader 厂商补丁： rubygems -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://rubygems.org/gems/minimagick...

RubyGems fastreader - 'entry_controller.rb' Remote Command Execution

source: https://www.securityfocus.com/bid/58450/info fastreader is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary commands in the context of the affected...