0.007 Low
EPSS
Percentile
79.9%
ruby-jss is vulnerable to remote code execution. The vulnerability exists due to the lack of validation which allows an attacker to execute scripts on the Plist when using Marshal.load during XML document processing.
github.com/advisories/GHSA-vmfh-c547-v45h
github.com/patsplat/plist/tree/ce8f9ae42a114f603ea200c955e420782bffc4ad#label-Security+considerations
github.com/PixarAnimationStudios/ruby-jss/blob/e6d48dd8c77f9275c76787d60d3472615fcd9b77/CHANGES.md#160---2021-05-24