CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10194

The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.openwall.com/lists/oss-security/2017/01/31/14
http://www.openwall.com/lists/oss-security/2017/02/02/5
https://github.com/spejman/festivaltts4r/issues/1
http://www.openwall.com/lists/oss-security/2017/01/31/14
http://www.openwall.com/lists/oss-security/2017/02/02/5
https://github.com/spejman/festivaltts4r/issues/1

Products affected by CVE-2016-10194

Festivaltts4r Project » Festivaltts4r » Version: N/A

cpe:2.3:a:festivaltts4r_project:festivaltts4r:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10194

Products

Pricing

Contact Us