Lucene search
GoogleOSV:CVE-2020-8130HistoryFeb 24, 2020 - 3:15 p.m.
CVE-2020-8130
2020-02-2415:15:11
Google
osv.dev
2
0.001 Low
EPSS
Percentile
36.6%
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rake | eq | rake-0.8.1 | |
| rake | eq | rake-10.1.1 | |
| rake | eq | rake-0.9.6 | |
| rake | eq | rake-0.8.1.6 | |
| rake | eq | rake-10.1.0.beta.3 | |
| rake | eq | 10.4.1 | |
| rake | eq | 12.3.1 | |
| rake | eq | 11.2.1 | |
| rake | eq | 10.5.0 | |
| rake | eq | rake-0.8.7 |
References
lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
hackerone.com/reports/651518
lists.debian.org/debian-lts-announce/2020/02/msg00026.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/
usn.ubuntu.com/4295-1/
Related
fedora
fedora
[SECURITY] Fedora 31 Update: rubygem-rake-12.3.3-200.fc31
2020-04-27 04:47:55
[SECURITY] Fedora 30 Update: rubygem-rake-12.3.3-200.fc30
2020-04-27 03:06:55
veracode
veracode
OS Command Injection
2020-02-26 04:45:34
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0121)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3212-1)
2022-09-09 00:00:00
Debian: Security Advisory (DLA-2120-1)
2020-02-27 00:00:00
osv
osv
OS Command Injection in Rake
2020-02-28 16:54:36
rake - security update
2020-02-26 00:00:00
cve
cve
CVE-2020-8130
2020-02-24 15:15:11
nessus
nessus
Debian DLA-2120-1 : rake security update
2020-02-27 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : Rake vulnerability (USN-4295-1)
2020-03-06 00:00:00
Amazon Linux AMI : rubygem-rake (ALAS-2020-1384)
2020-07-02 00:00:00
github
github
OS Command Injection in Rake
2020-02-28 16:54:36
cvelist
cvelist
CVE-2020-8130
2020-02-24 14:41:26
debian
debian
[SECURITY] [DLA 2120-1] rake security update
2020-02-26 21:33:22
ubuntucve
ubuntucve
CVE-2020-8130
2020-02-24 00:00:00
amazon
amazon
Medium: rubygem24-rake
2020-06-23 06:06:00
Medium: rubygem-rake
2020-06-23 06:05:00
debiancve
debiancve
CVE-2020-8130
2020-02-24 15:15:11
ubuntu
ubuntu
Rake vulnerability
2020-03-03 00:00:00
nvd
nvd
CVE-2020-8130
2020-02-24 15:15:11
prion
prion
Command injection
2020-02-24 15:15:00
hackerone
hackerone
Ruby: OS Command Injection via egrep in Rake::FileList
2019-07-20 04:16:53
cloudfoundry
cloudfoundry
USN-4295-1: Rake vulnerability | Cloud Foundry
2020-03-10 00:00:00
mageia
mageia
Updated ruby-rake packages fix security vulnerability
2020-03-06 19:13:58
redhatcve
redhatcve
CVE-2020-8130
2020-03-23 17:31:40
suse
suse
Recommended update for ruby2.5 (important)
2020-03-28 00:00:00
redhat
redhat
(RHSA-2021:4702) Moderate: Satellite 6.10 Release
2021-11-16 13:58:57