Ruby/rake/10.1.0.beta.3
Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax. Rake has the following features: * Rakefiles (rake's version of Makefiles) are completely defined in standard Ruby syntax. No XML files to edit. No quirky Makefile syntax to worry about (is that a tab or a space?) * Users can specify tasks with prerequisites. * Rake supports rule patterns to synthesize implicit tasks. * Flexible FileLists that act like arrays but know about manipulating file names and paths. * Supports parallel execution of tasks.
https://rubygems.org/gems/rake
MIT
2 Security Vulnerabilities
OS Command Injection in Rake
Published date: 2020-02-28T16:54:36Z
CVE: CVE-2020-8130
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8130
- https://github.com/advisories/GHSA-jppv-gw3r-w3q8
- https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee
- https://hackerone.com/reports/651518
- https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html
- https://usn.ubuntu.com/4295-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rake/CVE-2020-8130.yml
There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.
Affected versions:
["12.3.2", "12.3.1", "12.3.0", "12.2.0", "12.0.0.beta1", "11.2.2", "11.2.0", "11.1.2", "11.0.1", "10.5.0", "10.4.1", "10.3.2", "10.3.0", "10.2.0", "10.1.1", "10.1.0.beta.3", "10.1.0.beta.1", "10.0.4", "10.0.3", "10.0.1", "10.0.0", "0.9.3", "0.9.3.beta.2", "0.9.3.beta.1", "0.9.2.2", "0.9.0", "0.9.0.beta.4", "0.9.0.beta.2", "0.9.0.beta.1", "0.8.5", "0.8.2", "0.8.0", "0.7.3", "0.7.2", "0.7.0", "0.5.3", "0.5.0", "0.4.15", "0.4.14", "0.4.13", "0.4.12", "0.4.8", "12.2.1", "12.1.0", "12.0.0", "11.3.0", "11.1.1", "11.1.0", "10.4.2", "10.4.0", "10.3.1", "10.2.2", "10.2.1", "10.1.0", "10.1.0.beta.2", "10.0.2", "10.0.0.beta.2", "10.0.0.beta.1", "0.9.6", "0.9.5", "0.9.4", "0.9.3.beta.4", "0.9.3.beta.3", "0.9.2", "0.9.1", "0.9.0.beta.5", "0.9.0.beta.0", "0.8.7", "0.8.6", "0.8.4", "0.8.3", "0.8.1", "0.7.1", "0.6.2", "0.6.0", "0.5.4", "0.4.11", "0.4.10", "0.4.9"]
Secure versions:
[12.3.3, 13.0.0, 13.0.0.pre.1, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.1.0, 13.2.0, 13.2.1, 13.3.0]
Recommendation:
Update to version 13.3.0.
OS Command Injection in Rake
Published date: 2019-08-29
CVE: 2020-8130
CVSS V2: 9.3
CVSS V3: 8.1
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in
Rake::FileList when supplying a filename that begins with the pipe character
|.
Affected versions:
["12.3.2", "12.3.1", "12.3.0", "12.2.0", "12.0.0.beta1", "11.2.2", "11.2.0", "11.1.2", "11.0.1", "10.5.0", "10.4.1", "10.3.2", "10.3.0", "10.2.0", "10.1.1", "10.1.0.beta.3", "10.1.0.beta.1", "10.0.4", "10.0.3", "10.0.1", "10.0.0", "0.9.3", "0.9.3.beta.2", "0.9.3.beta.1", "0.9.2.2", "0.9.0", "0.9.0.beta.4", "0.9.0.beta.2", "0.9.0.beta.1", "0.8.5", "0.8.2", "0.8.0", "0.7.3", "0.7.2", "0.7.0", "0.5.3", "0.5.0", "0.4.15", "0.4.14", "0.4.13", "0.4.12", "0.4.8", "12.2.1", "12.1.0", "12.0.0", "11.3.0", "11.1.1", "11.1.0", "10.4.2", "10.4.0", "10.3.1", "10.2.2", "10.2.1", "10.1.0", "10.1.0.beta.2", "10.0.2", "10.0.0.beta.2", "10.0.0.beta.1", "0.9.6", "0.9.5", "0.9.4", "0.9.3.beta.4", "0.9.3.beta.3", "0.9.2", "0.9.1", "0.9.0.beta.5", "0.9.0.beta.0", "0.8.7", "0.8.6", "0.8.4", "0.8.3", "0.8.1", "0.7.1", "0.6.2", "0.6.0", "0.5.4", "0.4.11", "0.4.10", "0.4.9"]
Secure versions:
[12.3.3, 13.0.0, 13.0.0.pre.1, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.1.0, 13.2.0, 13.2.1, 13.3.0]
Recommendation:
Update to version 13.3.0.
92 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 0.9.6 | UNKNOWN | 2 | 2012-12-12 - 21:34 | over 12 years |
| 0.9.5 | UNKNOWN | 2 | 2012-11-19 - 14:25 | over 12 years |
| 0.9.4 | UNKNOWN | 2 | 2012-11-14 - 21:22 | over 12 years |
| 0.9.3 | UNKNOWN | 2 | 2012-11-12 - 17:20 | over 12 years |
| 0.9.3.beta.1 | UNKNOWN | 2 | 2011-08-06 - 02:34 | almost 14 years |
| 0.9.3.beta.3 | UNKNOWN | 2 | 2012-10-25 - 18:55 | over 12 years |
| 0.9.3.beta.4 | UNKNOWN | 2 | 2012-11-09 - 20:43 | over 12 years |
| 0.9.3.beta.2 | UNKNOWN | 2 | 2012-10-22 - 18:51 | over 12 years |
| 0.9.2.2 | UNKNOWN | 2 | 2011-10-22 - 15:19 | over 13 years |
| 0.9.2 | UNKNOWN | 2 | 2011-06-05 - 23:34 | about 14 years |
| 0.9.1 | UNKNOWN | 2 | 2011-06-01 - 05:04 | about 14 years |
| 0.9.0 | UNKNOWN | 2 | 2011-05-20 - 16:17 | about 14 years |
| 0.9.0.beta.0 | UNKNOWN | 2 | 2011-02-23 - 04:42 | over 14 years |
| 0.9.0.beta.5 | UNKNOWN | 2 | 2011-03-14 - 01:18 | about 14 years |
| 0.9.0.beta.1 | UNKNOWN | 2 | 2011-02-28 - 12:24 | over 14 years |
| 0.9.0.beta.2 | UNKNOWN | 2 | 2011-03-05 - 21:53 | over 14 years |
| 0.9.0.beta.4 | UNKNOWN | 2 | 2011-03-06 - 23:45 | over 14 years |
| 0.8.7 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.8.6 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.8.5 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.8.4 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.8.3 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.8.2 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.8.1 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.8.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.7.3 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.7.2 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.7.1 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.7.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.6.2 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.6.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.5.4 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.5.3 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.5.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.15 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.14 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.13 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.12 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.11 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.10 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.9 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |
| 0.4.8 | UNKNOWN | 2 | 2009-07-25 - 18:01 | almost 16 years |