The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem prior to 0.0.5 for Ruby allows context-dependent malicious users to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
colorscore project colorscore |