RDoc -- command injection vulnerability
Alexandr Savca reports:
RDoc used to call Kernel#open to open a local file. If a Ruby project
has a file whose name starts with | and ends with tags, the command
following the pipe character is executed. A malicious Ruby project
could exploit it to run an arbitrary command execution against a user
who attempts to run rdoc command.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright