Amazon Linux 1 Security Advisory: ALAS-2020-1384
Advisory Release Date: 2020-06-23 06:05 Pacific
Advisory Updated Date: 2020-06-26 04:47 Pacific
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. (CVE-2020-8130)
Affected Packages:
rubygem-rake
Issue Correction:
Run `yum update rubygem-rake` to update your system.
noarch:
rubygem21-rake-doc-10.4.2-1.48.amzn1.noarch
rubygem20-rake-10.4.2-1.48.amzn1.noarch
rubygem23-rake-10.4.2-1.48.amzn1.noarch
rubygem21-rake-10.4.2-1.48.amzn1.noarch
rubygem22-rake-doc-10.4.2-1.48.amzn1.noarch
rubygem23-rake-doc-10.4.2-1.48.amzn1.noarch
rubygem22-rake-10.4.2-1.48.amzn1.noarch
rubygem20-rake-doc-10.4.2-1.48.amzn1.noarch
src:
rubygem-rake-10.4.2-1.48.amzn1.src
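
The fix is backported into the 10.4.2 packages listed above, so the upstream `< 12.3.3` bound does not tell you whether a host is patched; the RPM release does. The following Ruby example is added here and is not part of the advisory or of Amazon's tooling: it flags rubygem-rake packages older than 10.4.2-1.48.amzn1 in `rpm -qa`-style lines. The sample lines and the names `SAMPLE_RPM_LINES`, `PKG_RE` and `outdated_rake_packages` are constructed for illustration, and the comparison assumes purely numeric dotted version and release fields.

```ruby
require "rubygems" # Gem::Version is used only as a dotted-number comparator

# Fixed version and release, taken from the package list in this advisory.
FIXED_VERSION = Gem::Version.new("10.4.2")
FIXED_RELEASE = Gem::Version.new("1.48")

# Matches names such as rubygem20-rake-10.4.2-1.48.amzn1.noarch,
# including the -doc packages and the unversioned source package.
PKG_RE = /\A(rubygem\d*-rake(?:-doc)?)-(\d[\d.]*)-(\d[\d.]*)\.amzn1\.(?:noarch|src)\z/

# Constructed sample input (not taken from a real host).
SAMPLE_RPM_LINES = [
  "rubygem20-rake-10.4.2-1.47.amzn1.noarch",     # older release: flagged
  "rubygem23-rake-10.4.2-1.48.amzn1.noarch",     # fixed release: not flagged
  "rubygem22-rake-doc-10.4.2-1.5.amzn1.noarch",  # 1.5 < 1.48 numerically: flagged
  "examplepkg-1.0-1.amzn1.noarch"                # unrelated package: ignored
].freeze

# Returns the lines naming a rubygem-rake package older than the fixed build.
# Assumption: this is a numeric comparison of version, then release; it is
# not a full implementation of RPM's version comparison rules.
def outdated_rake_packages(rpm_lines)
  rpm_lines.map(&:strip).select do |line|
    m = PKG_RE.match(line)
    next false unless m

    installed = [Gem::Version.new(m[2]), Gem::Version.new(m[3])]
    (installed <=> [FIXED_VERSION, FIXED_RELEASE]) < 0
  end
end

if __FILE__ == $PROGRAM_NAME
  # With no input on stdin (interactive run), fall back to the constructed sample.
  lines = $stdin.tty? ? SAMPLE_RPM_LINES : $stdin.readlines
  flagged = outdated_rake_packages(lines)
  if flagged.empty?
    puts "No rubygem-rake package older than 10.4.2-1.48.amzn1 found."
  else
    puts "Packages needing `yum update rubygem-rake`:"
    flagged.each { |pkg| puts "  #{pkg}" }
  end
end
```

On a host, pipe the output of `rpm -qa` into the script; release `1.5` sorts below `1.48` because the fields are compared as numbers, not as strings.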