Rake could be made run arbitrary commands it received a specially crafted file.
Software Description:
- rake: Ruby make-like utility
Details:
It was discovered that Rake incorrectly handled certain files.
An attacker could use this issue to possibly execute arbitrary commands.
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: rake 12.3.1-3ubuntu0.1 Ubuntu 18.04 LTS: rake 12.3.1-1ubuntu0.1 Ubuntu 16.04 LTS: rake 10.5.0-2ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4295-1
CVE-2020-8130
Get the latest Linux and open source security news straight to your inbox.