Vulnerability category: Local
Vulnerability severity:
Vulnerability information
The colorscore Ruby Gem finds the dominant colors in an image and scores them against a user-defined palette, using the CIE2000 Delta E formula.
The contents of the `image_path`, `colors`, and `depth` variables, which may be generated from user-supplied input, are passed directly to the shell. If a user supplies a value that includes shell metacharacters such as ';', an attacker may be able to execute shell commands on the remote system with the user id of the Ruby process.
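The following added example (not the colorscore source, and not taken from the fixed release) contrasts the interpolated-string pattern described above with an argv-based call that never involves a shell. `echo` stands in for the image tool so the run has no side effects; the function names, the constructed input and the numeric ranges are assumptions made for illustration.

```ruby
require "open3"

# Constructed input: ';' ends the first command when a shell parses the string.
HOSTILE_PATH = "photo.png; echo INJECTED"

# Pattern described in the advisory: one interpolated string handed to /bin/sh.
def run_via_shell(image_path, colors, depth)
  out, _status = Open3.capture2("echo #{image_path} -colors #{colors} -depth #{depth}")
  out.lines.map(&:chomp)
end

# Hardened form: numeric fields are parsed strictly and the command is built
# as an argv array, so no shell ever interprets the values.
def build_argv(program, image_path, colors, depth)
  colors = Integer(colors.to_s, 10) # raises ArgumentError on anything but digits
  depth  = Integer(depth.to_s, 10)
  # Ranges below are assumed limits for this example.
  raise ArgumentError, "colors out of range" unless (1..256).cover?(colors)
  raise ArgumentError, "depth out of range" unless (1..32).cover?(depth)
  # An absolute path cannot start with '-' and be read as an option.
  [program, File.expand_path(image_path.to_s), "-colors", colors.to_s, "-depth", depth.to_s]
end

def run_without_shell(image_path, colors, depth)
  # Multiple arguments to capture2 are exec'd directly, without /bin/sh.
  out, _status = Open3.capture2(*build_argv("echo", image_path, colors, depth))
  out.lines.map(&:chomp)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell parsed:  #{run_via_shell(HOSTILE_PATH, 8, 8).inspect}"
  puts "argv (no sh):  #{run_without_shell(HOSTILE_PATH, 8, 8).inspect}"
end
```

In the first call the shell runs two commands; in the second the whole value reaches the program as a single filename argument.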
Affected Versions:
colorscore gem before 0.0.5 for Ruby
Impact
Successful exploitation allows attackers to execute arbitrary code via shell metacharacters.
Solution
Customers are advised to upgrade to colorscore 0.0.5 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: