What the vulnerability does

01Description

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

Key dates

02Disclosure timeline

February 24, 2020 CVE published
August 4, 2024 Record updated