CVE-2020-8130

Published: 24/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.4 | Impact Score: 5.9 | Exploitability Score: 0.5
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands.

Vulnerable Product

ruby-lang rake

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

fedoraproject fedora 30

opensuse leap 15.1

canonical ubuntu linux 19.10

fedoraproject fedora 31

Vendor Advisories

Rake could be made to run arbitrary commands if it received a specially crafted file ...
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|` (CVE-2020-8130) ...

Github Repositories

CLI tool to view trivy DB

triview CLI tool to lookup trivy database Database can be downloaded from github.com/aquasecurity/trivy-db/releases Setup go install github.com/m-mizutani/triview@latest Usage Show advisory source list $ triview -d /path/to/db adv GitHub Security Advisory Composer GitHub Security Advisory Maven GitHub Security Advisory Npm (snip

✍️ Chinese Hanzi To Pinyin, Written In Ruby

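English User See: README.EN.md hanzi_to_pinyin Get the first letters of Chinese characters Get the full pinyin of Chinese characters Convert Chinese characters into a safe url Installation ruby version <= 210 $ gem 'hanzi_to_pinyin', '100', require: 'hanzi_to_pinyin' ruby version >=220 $ gem 'hanzi_to_pinyin', require: 'hanzi_t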