ALAS-2020-1385


Amazon Linux AMI Security Advisory: ALAS-2020-1385
Advisory Release Date: 2020-06-26 04:47 Pacific
Severity: Medium
References: CVE-2020-8130 

Issue Overview:

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. (CVE-2020-8130 )


Affected Packages:

rubygem24-rake


Issue Correction:
Run yum update rubygem24-rake to update your system.

New Packages:
noarch:
    rubygem24-rake-doc-12.0.0-1.49.amzn1.noarch
    rubygem24-rake-12.0.0-1.49.amzn1.noarch

src:
    rubygem24-rake-12.0.0-1.49.amzn1.src