lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a URL.
rubygems fastreader 1.0.8