2 matches found
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1124)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1124 advisory. Thor before 1.4.0 can construct an unsafe shell command from library input. CVE-2025-54314 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...
GHSA-MQCP-P2HV-VW6X Withdrawn Advisory: Thor can construct an unsafe shell command from library input.
Withdrawn Advisory This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references. Origina...