Skip to content

Fix spelling of Shell#test (en) #2156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 6, 2019
Merged

Fix spelling of Shell#test (en) #2156

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion en/news/_posts/2019-10-01-code-injection-shell-test-cve-2019-16255.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ A code injection vulnerability of Shell#[] and Shell#test in a standard library

Shell#[] and its alias Shell#test defined in lib/shell.rb allow code injection if the first argument (aka the "command" argument) is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

Note that passing untrusted data to methods of Shell is dangerous in general. Users must never do it. However, we treat this particular case as a vulnerability because the purpose of Shell#[] and Shell#[] is considered file testing.
Note that passing untrusted data to methods of Shell is dangerous in general. Users must never do it. However, we treat this particular case as a vulnerability because the purpose of Shell#[] and Shell#test is considered file testing.

All users running an affected release should upgrade immediately.

Expand All @@ -33,3 +33,4 @@ Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for discovering this issu
## History

* Originally published at 2019-10-01 11:00:00 (UTC)
* Fixed minor spelling problem at 2019-10-05 12:00:00 (UTC)