Skip to content

Commit

Permalink
Fix ruby-mode.el local command injection vulnerability (bug#60268)
Browse files Browse the repository at this point in the history 
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
  • Loading branch information
@lu4nx @dgutov
lu4nx authored and dgutov committed Dec 23, 2022
1 parent 4b44a39 commit 9a3b080
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lisp/progmodes/ruby-mode.el
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1899,7 +1899,7 @@ or `gem' statement around point."
(setq feature-name (read-string "Feature name: " init))))
(let ((out
(substring
(shell-command-to-string (concat "gem which " feature-name))
(shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
0 -1)))
(if (string-match-p "\\`ERROR" out)
(user-error "%s" out)
Expand Down

0 comments on commit 9a3b080

Please sign in to comment.