Arbitrary Code Execution in Histogram Class of colorscore Gem
CVE-2015-7541 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
Learn more about our Web Application Penetration Testing UK.