2020-02-24 14:41:26
hackerone
PUBLISHED
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.