GHSA-F7F4-5W9J-23P2 festivaltts4r allows arbitrary command execution

The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the 1 tospeech or 2 tomp3 method in lib/festivaltts4r/festival4r.rb...

festivaltts4r gem for Ruby Remote Command Execution Vulnerability

The festivaltts4r gem for Ruby is a Ruby-based language interface for the Festival TTS speech synthesis system. A security vulnerability exists in the festivaltts4r gem for Ruby. A remote attacker can exploit this vulnerability by sending a string with shell metacharacters to the tospeech or tomp...

festivaltts4r Gem for Ruby Arbitrary Command Execution

festivaltts4r passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the tospeech and and tomp3 methods in lib/festivaltts4r/festival4r.rb library...