Bump rake from 10.5 to 12.3 to address CVE-2020-8130

rdp / os

The OS gem allows for some easy telling if you’re on windows or not. OS.windows? as well as some other helper utilities

MIT License

144 stars 33 forks source link

Bump rake from 10.5 to 12.3 to address CVE-2020-8130 #78

Open raw-cs opened 3 months ago

raw-cs commented 3 months ago

Addresses CVE-2020-8130

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character \|.

fugufish commented 3 months ago

lol you beat me to it, but I bumped it on mine up to 13 so mine is better than yours.