There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.
|
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "rake": "10.5.0-2ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "rake": "12.3.1-1ubuntu0.1" } ] }