This repository was archived by the owner on Mar 7, 2024. It is now read-only.
Description rake-10.0.3.gem
Rake is a Make-like program implemented in Ruby. Tasks and dependencies arespecified in standard Ruby syntax.
Library home page: https://rubygems.org/gems/rake-10.0.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rake-10.0.3.gem
Found in HEAD commit: b796a1fef53fffdf990be54f950a21eac4ad72d0
Vulnerabilities
CVE
Severity
Dependency
Type
Fixed in (rake version)
Remediation Possible**
CVE-2020-8130 6.4
rake-10.0.3.gem
Direct
v12.3.3
❌
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-8130 Vulnerable Library - rake-10.0.3.gem
Rake is a Make-like program implemented in Ruby. Tasks and dependencies arespecified in standard Ruby syntax.
Library home page: https://rubygems.org/gems/rake-10.0.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rake-10.0.3.gem
Dependency Hierarchy:
❌ rake-10.0.3.gem (Vulnerable Library)
Found in HEAD commit: b796a1fef53fffdf990be54f950a21eac4ad72d0
Found in base branch: master
Vulnerability Details
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.
Publish Date: 2020-02-24
URL: CVE-2020-8130
CVSS 3 Score Details (6.4 )
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
For more information on CVSS3 Scores, click here .
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8130
Release Date: 2020-06-30
Fix Resolution: v12.3.3
Step up your Open Source Security Game with Mend here
Reactions are currently unavailable
Rake is a Make-like program implemented in Ruby. Tasks and dependencies arespecified in standard Ruby syntax.
Library home page: https://rubygems.org/gems/rake-10.0.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rake-10.0.3.gem
Found in HEAD commit: b796a1fef53fffdf990be54f950a21eac4ad72d0
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - rake-10.0.3.gem
Rake is a Make-like program implemented in Ruby. Tasks and dependencies arespecified in standard Ruby syntax.
Library home page: https://rubygems.org/gems/rake-10.0.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rake-10.0.3.gem
Dependency Hierarchy:
Found in HEAD commit: b796a1fef53fffdf990be54f950a21eac4ad72d0
Found in base branch: master
Vulnerability Details
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character
|.Publish Date: 2020-02-24
URL: CVE-2020-8130
CVSS 3 Score Details (6.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8130
Release Date: 2020-06-30
Fix Resolution: v12.3.3
Step up your Open Source Security Game with Mend here