Amazon Linux 1 Security Advisory: ALAS-2020-1385
Advisory Release Date: 2020-06-23 06:06 Pacific
Advisory Updated Date: 2020-06-26 04:47 Pacific
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. (CVE-2020-8130)
Affected Packages:
rubygem24-rake
Issue Correction:
Run yum update rubygem24-rake to update your system.
noarch:
rubygem24-rake-doc-12.0.0-1.49.amzn1.noarch
rubygem24-rake-12.0.0-1.49.amzn1.noarch
src:
rubygem24-rake-12.0.0-1.49.amzn1.src