Vulnerability Details CVE-2015-7541
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.9%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 10.0
References
- http://rubysec.com/advisories/CVE-2015-7541/
- http://www.openwall.com/lists/oss-security/2016/01/05/2
- https://github.com/quadule/colorscore/commit/570b5e854cecddd44d2047c44126aed951b61718
- http://rubysec.com/advisories/CVE-2015-7541/
- http://www.openwall.com/lists/oss-security/2016/01/05/2
- https://github.com/quadule/colorscore/commit/570b5e854cecddd44d2047c44126aed951b61718
Products affected by CVE-2015-7541
-
cpe:2.3:a:colorscore_project:colorscore:0.0.1
-
cpe:2.3:a:colorscore_project:colorscore:0.0.2
-
cpe:2.3:a:colorscore_project:colorscore:0.0.3
-
cpe:2.3:a:colorscore_project:colorscore:0.0.4