ALAS-2020-1384

Related Vulnerabilities: CVE-2020-8130  



Amazon Linux AMI Security Advisory: ALAS-2020-1384
Advisory Release Date: 2020-06-23 06:05 Pacific
Advisory Updated Date: 2020-06-26 04:47 Pacific
Severity: Medium
References: CVE-2020-8130 

Issue Overview:

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. (CVE-2020-8130)


Affected Packages:

rubygem-rake


Issue Correction:
Run `yum update rubygem-rake` to update your system.

New Packages:
noarch:
    rubygem21-rake-doc-10.4.2-1.48.amzn1.noarch
    rubygem20-rake-10.4.2-1.48.amzn1.noarch
    rubygem23-rake-10.4.2-1.48.amzn1.noarch
    rubygem21-rake-10.4.2-1.48.amzn1.noarch
    rubygem22-rake-doc-10.4.2-1.48.amzn1.noarch
    rubygem23-rake-doc-10.4.2-1.48.amzn1.noarch
    rubygem22-rake-10.4.2-1.48.amzn1.noarch
    rubygem20-rake-doc-10.4.2-1.48.amzn1.noarch

src:
    rubygem-rake-10.4.2-1.48.amzn1.src
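
The fixed builds listed above carry version 10.4.2, so a check against the upstream 12.3.3 threshold would not recognise a patched host; the comparison has to be made against the package release. The following is an added example (not part of the advisory or of Amazon's tooling) that flags rake packages older than the fixed build in `rpm -qa` output. The function names and the sample lines are assumptions made for illustration, and the version comparison is a simplified form of RPM's ordering.

```python
import re

# Fixed build and package names, copied from "New Packages" in this advisory.
FIXED_VERSION, FIXED_RELEASE = "10.4.2", "1.48.amzn1"
FIXED_NAMES = {f"rubygem{v}-rake{s}" for v in ("20", "21", "22", "23")
               for s in ("", "-doc")}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns <0, 0 or >0."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats a letter run
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Split 'name-version-release.arch' as printed by `rpm -qa`."""
    nvr, _, _arch = line.strip().rpartition(".")
    if nvr.count("-") < 2:
        return None                          # blank or malformed line
    return tuple(nvr.rsplit("-", 2))

def unpatched(rpm_lines):
    """Return installed rake packages older than the advisory's fixed build."""
    stale = []
    for line in rpm_lines:
        parsed = parse_nvra(line)
        if parsed is None or parsed[0] not in FIXED_NAMES:
            continue                         # not a package this advisory covers
        _, version, release = parsed
        if (vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)) < 0:
            stale.append(line.strip())
    return stale

# Constructed sample of `rpm -qa` output; the 1.43 and 1.9 releases and the
# bash line are invented for the example.
SAMPLE = [
    "rubygem20-rake-10.4.2-1.43.amzn1.noarch",
    "rubygem23-rake-10.4.2-1.48.amzn1.noarch",
    "rubygem21-rake-doc-10.4.2-1.9.amzn1.noarch",
    "bash-4.2.46-34.43.amzn1.x86_64",
]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

Release 1.9 sorts below 1.48 only because numeric segments are compared as integers; a plain string comparison would report that package as patched.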