Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper text validation enables you to read ENV variables #7

Closed
promix17 opened this issue Apr 13, 2016 · 3 comments
Closed

Improper text validation enables you to read ENV variables #7

promix17 opened this issue Apr 13, 2016 · 3 comments

Comments

@promix17
Copy link

This enables you to read env variables:

  speech = Speech.new("$HOME")
  speech.speak

May be it is possible to perform RCE injection.
@promix17 promix17 changed the title Improper text validation enables read ENV variables Improper text validation enables you to read ENV variables Apr 13, 2016
@bcoles
Copy link
Contributor

bcoles commented Apr 22, 2016

Yes this allows code execution. For example: $(uname)

@bcoles bcoles mentioned this issue Apr 22, 2016
Closed
@bcoles
Copy link
Contributor

bcoles commented Apr 22, 2016

The following methods are vulnerable:

  • speak
  • save
  • bytes
  • bytes_wav

I'll submit a patch shortly.

@bcoles
Copy link
Contributor

bcoles commented Apr 23, 2016

@dejan I've submitted a patch. Please merge and gem push as I would like to use your gem :)

@dejan dejan closed this as completed in 5251744 May 14, 2016
dejan added a commit that referenced this issue May 14, 2016
@dejan
Merge pull request #8 from bcoles/patch-1
119b2d6 
Replace sanitized_text method - Fix #7
dejan added a commit that referenced this issue May 14, 2016
@dejan
Revert "Replace sanitized_text method - Fix #7"
5a63c94
dejan added a commit that referenced this issue May 14, 2016
@dejan
Merge pull request #9 from dejan/revert-8-patch-1
2d19105 
Revert "Replace sanitized_text method - Fix #7"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bcoles @promix17