Skip to content
This repository has been archived by the owner on Jan 2, 2022. It is now read-only.

Remote Code Execution #1

Closed
bcoles opened this issue Apr 22, 2016 · 3 comments
Closed

Remote Code Execution #1

bcoles opened this issue Apr 22, 2016 · 3 comments

Comments

@bcoles
Copy link

bcoles commented Apr 22, 2016
edited
Loading

espeak-http allows remote code execution due to insufficient input validation in the underlying espeak-ruby library, as per: dejan/espeak-ruby#7

Proof of concept:
@dejan
Copy link
Owner

dejan commented May 14, 2016
edited
Loading

@bcoles I've merged your fix. Thanks.

@dejan dejan closed this as completed May 14, 2016
@mveytsman
Copy link

@dejan Can you bump the dependency to espeak-ruby 1.0.3 so that this vulnerability is addressed?

Cheers,

@dejan
Copy link
Owner

dejan commented Feb 1, 2017
edited
Loading

@mveytsman done. thank you for reporting.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dejan @mveytsman @bcoles