Arbitrary Code Execution in Histogram Class of colorscore Gem

Arbitrary Code Execution in Histogram Class of colorscore Gem

CVE-2015-7541 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.

Learn more about our Web Application Penetration Testing UK.