Advisories for Gem/Colorscore package

2016

Arbitrary Command Injection

The contents of the image_path, colors, and depth variables generated from possibly user-supplied input are passed directly to the shell. If a user supplies a value that includes shell metacharacters such as ';', an attacker may be able to execute shell commands on the remote system as the user id of the Ruby process.