Improper Neutralization of Special Elements used in a Command ('Command Injection')
The karo gem for Ruby allows remote command injection via the host field.
The file /lib/karo/db.rb passes unsanitized, user-supplied input to the command line. This may allow a remote attacker to execute arbitrary commands.
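
The pattern described above next to a hardened alternative, as an added Ruby example; this is not code from the karo gem. The ssh invocation, the REMOTE_CMD value and all helper names are assumptions for illustration, and the sample hosts in the comments are constructed.

```ruby
require "open3"

# Hypothetical names throughout; this is not the karo gem's code.
REMOTE_CMD = "pg_dump app_db".freeze # constructed, fixed remote command

# One DNS label: letters, digits, inner hyphens. \A and \z anchor the whole
# string; ^ and $ match per line in Ruby and would let "ok\n; cmd" through.
HOST_LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

# True only for a plain hostname or IPv4 address: no spaces, no shell
# metacharacters, no leading "-" (option injection), no empty labels.
def valid_host?(host)
  return false unless host.is_a?(String) && !host.empty? && host.length <= 253
  host.split(".", -1).all? { |label| HOST_LABEL.match?(label) }
end

# Unsafe pattern: the host is interpolated into a single string, so a shell
# parses whatever the caller supplied (system(str), backticks, %x{}).
# A host such as "db.example.com; echo INJECTED" becomes two commands.
def unsafe_command_string(host)
  "ssh #{host} '#{REMOTE_CMD}'"
end

# Hardened: validate first, then build an argv array. Passing several
# arguments to system/Open3 executes the program directly, with no shell.
def safe_argv(host)
  raise ArgumentError, "invalid host: #{host.inspect}" unless valid_host?(host)
  ["ssh", host, REMOTE_CMD]
end

# Runs the fixed command on a validated host.
def dump_from(host)
  Open3.capture2e(*safe_argv(host)) # returns [output, Process::Status]
end
```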