masscollaborationlabs/emacs
2
0
Fork 0
mirror of https://github.com/masscollaborationlabs/emacs.git synced 2025-07-09 13:40:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix ruby-mode.el local command injection vulnerability (bug#60268)

Browse source 
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
This commit is contained in:
Xi Lu 2022-12-23 12:52:48 +08:00 committed by Dmitry Gutov
parent 4b44a395b3
commit 9a3b08061f
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lisp/progmodes/ruby-mode.el
View file

@ -1899,7 +1899,7 @@ or `gem' statement around point."
(setq feature-name (read-string "Feature name: " init)))) (setq feature-name (read-string "Feature name: " init))))
(let ((out (let ((out
(substring (substring
(shell-command-to-string (concat "gem which " feature-name)) (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
0 -1))) 0 -1)))
(if (string-match-p "\\`ERROR" out) (if (string-match-p "\\`ERROR" out)
(user-error "%s" out) (user-error "%s" out)