Remote command Injection in Creme Fraiche 0.6 Ruby Gem
A malicious email attachment with a file name consisting of shell metacharacters could inject commands into the shell. If the attacker is allowed to specify a filename (via a web gui) commands could be injected that way as well.