CVE-2024-39906 Remote code execution in Haven IndieAuthClient (GHSL-2024-093)
A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails-based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link and pass it to a logged-in administrator of the blog software. This leads t...