Published:
2017/01/24
Last Updated:
2017/01/24
Information from Ruby Programming Shounendan
Vulnerability ID:JVN#50197114
Title:smalruby-editor vulnerable to OS command injection
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
There was OS command injection vulnerability in smalruby-editor version before 0.4.0.
It has been fixed in smalruby-editor version 0.4.1.
The commit is https://github.com/smalruby/smalruby-editor/commit/5b5e7f2ec3808152c772197e0c4143fb507290d5 .
It is recommended that users upgrade as soon as possible.
