Ruby/rake/0.9.0.beta.0
Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax. Rake has the following features: * Rakefiles (rake's version of Makefiles) are completely defined in standard Ruby syntax. No XML files to edit. No quirky Makefile syntax to worry about (is that a tab or a space?) * Users can specify tasks with prerequisites. * Rake supports rule patterns to synthesize implicit tasks. * Flexible FileLists that act like arrays but know about manipulating file names and paths. * Supports parallel execution of tasks.
https://rubygems.org/gems/rake
UNKNOWN
2 Security Vulnerabilities
OS Command Injection in Rake
Published date: 2020-02-28T16:54:36Z
CVE: CVE-2020-8130
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8130
- https://github.com/advisories/GHSA-jppv-gw3r-w3q8
- https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee
- https://hackerone.com/reports/651518
- https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html
- https://usn.ubuntu.com/4295-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/523CLQ62VRN3VVC52KMPTROCCKY4Z36B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXMX4ARNX2JLRJMSH4N3J3UBMUT5CI44/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rake/CVE-2020-8130.yml
There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.
Affected versions:
["12.3.2", "12.3.1", "12.3.0", "12.2.1", "12.2.0", "12.1.0", "12.0.0", "12.0.0.beta1", "11.3.0", "11.2.2", "11.2.0", "11.1.2", "11.1.1", "11.1.0", "11.0.1", "10.5.0", "10.4.2", "10.4.1", "10.4.0", "10.3.2", "10.3.1", "10.3.0", "10.2.2", "10.2.1", "10.2.0", "10.1.1", "10.1.0", "10.1.0.beta.3", "10.1.0.beta.2", "10.1.0.beta.1", "10.0.4", "10.0.3", "10.0.2", "10.0.1", "10.0.0", "10.0.0.beta.2", "10.0.0.beta.1", "0.9.6", "0.9.5", "0.9.4", "0.9.3", "0.9.3.beta.4", "0.9.3.beta.3", "0.9.3.beta.2", "0.9.3.beta.1", "0.9.2.2", "0.9.2", "0.9.1", "0.9.0", "0.9.0.beta.5", "0.9.0.beta.4", "0.9.0.beta.2", "0.9.0.beta.1", "0.9.0.beta.0", "0.8.7", "0.8.6", "0.8.5", "0.8.4", "0.8.3", "0.8.2", "0.8.1", "0.8.0", "0.7.3", "0.7.2", "0.7.1", "0.7.0", "0.6.2", "0.6.0", "0.5.4", "0.5.3", "0.5.0", "0.4.15", "0.4.14", "0.4.13", "0.4.12", "0.4.11", "0.4.10", "0.4.9", "0.4.8"]
Secure versions:
[13.0.1, 13.0.0, 13.0.0.pre.1, 12.3.3, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.1.0, 13.2.0, 13.2.1]
Recommendation:
Update to version 13.2.1.
OS Command Injection in Rake
Published date: 2019-08-29
CVE: 2020-8130
CVSS V2: 9.3
CVSS V3: 8.1
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in
Rake::FileList when supplying a filename that begins with the pipe character
|.
Affected versions:
["12.3.2", "12.3.1", "12.3.0", "12.2.1", "12.2.0", "12.1.0", "12.0.0", "12.0.0.beta1", "11.3.0", "11.2.2", "11.2.0", "11.1.2", "11.1.1", "11.1.0", "11.0.1", "10.5.0", "10.4.2", "10.4.1", "10.4.0", "10.3.2", "10.3.1", "10.3.0", "10.2.2", "10.2.1", "10.2.0", "10.1.1", "10.1.0", "10.1.0.beta.3", "10.1.0.beta.2", "10.1.0.beta.1", "10.0.4", "10.0.3", "10.0.2", "10.0.1", "10.0.0", "10.0.0.beta.2", "10.0.0.beta.1", "0.9.6", "0.9.5", "0.9.4", "0.9.3", "0.9.3.beta.4", "0.9.3.beta.3", "0.9.3.beta.2", "0.9.3.beta.1", "0.9.2.2", "0.9.2", "0.9.1", "0.9.0", "0.9.0.beta.5", "0.9.0.beta.4", "0.9.0.beta.2", "0.9.0.beta.1", "0.9.0.beta.0", "0.8.7", "0.8.6", "0.8.5", "0.8.4", "0.8.3", "0.8.2", "0.8.1", "0.8.0", "0.7.3", "0.7.2", "0.7.1", "0.7.0", "0.6.2", "0.6.0", "0.5.4", "0.5.3", "0.5.0", "0.4.15", "0.4.14", "0.4.13", "0.4.12", "0.4.11", "0.4.10", "0.4.9", "0.4.8"]
Secure versions:
[13.0.1, 13.0.0, 13.0.0.pre.1, 12.3.3, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.1.0, 13.2.0, 13.2.1]
Recommendation:
Update to version 13.2.1.
91 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 13.2.1 | MIT | 2024-04-05 - 06:28 | 7 months | |
| 13.2.0 | MIT | 2024-04-02 - 01:31 | 7 months | |
| 13.1.0 | MIT | 2023-10-28 - 01:23 | about 1 year | |
| 13.0.6 | MIT | 2021-07-09 - 02:52 | over 3 years | |
| 13.0.5 | MIT | 2021-07-08 - 08:59 | over 3 years | |
| 13.0.4 | MIT | 2021-07-06 - 11:17 | over 3 years | |
| 13.0.3 | MIT | 2020-12-21 - 02:12 | almost 4 years | |
| 13.0.2 | MIT | 2020-12-19 - 07:51 | almost 4 years | |
| 13.0.1 | MIT | 2019-11-12 - 03:47 | almost 5 years | |
| 13.0.0 | MIT | 2019-09-27 - 08:22 | about 5 years | |
| 13.0.0.pre.1 | MIT | 2019-09-09 - 07:17 | about 5 years | |
| 12.3.3 | MIT | 2019-07-22 - 01:30 | over 5 years | |
| 12.3.2 | MIT | 2 | 2018-12-07 - 09:47 | almost 6 years |
| 12.3.1 | MIT | 2 | 2018-03-22 - 04:46 | over 6 years |
| 12.3.0 | MIT | 2 | 2017-11-15 - 17:04 | almost 7 years |
| 12.2.1 | MIT | 2 | 2017-10-25 - 02:05 | about 7 years |
| 12.2.0 | MIT | 2 | 2017-10-25 - 01:05 | about 7 years |
| 12.1.0 | MIT | 2 | 2017-09-11 - 02:23 | about 7 years |
| 12.0.0 | MIT | 2 | 2016-12-06 - 11:44 | almost 8 years |
| 12.0.0.beta1 | MIT | 2 | 2016-12-02 - 09:07 | almost 8 years |
| 11.3.0 | MIT | 2 | 2016-09-20 - 08:48 | about 8 years |
| 11.2.2 | MIT | 2 | 2016-06-12 - 02:03 | over 8 years |
| 11.2.0 | MIT | 2 | 2016-06-11 - 09:19 | over 8 years |
| 11.1.2 | MIT | 2 | 2016-03-27 - 13:25 | over 8 years |
| 11.1.1 | MIT | 2 | 2016-03-14 - 04:48 | over 8 years |
| 11.1.0 | MIT | 2 | 2016-03-11 - 03:37 | over 8 years |
| 11.0.1 | MIT | 2 | 2016-03-09 - 07:58 | over 8 years |
| 10.5.0 | MIT | 2 | 2016-01-13 - 00:47 | almost 9 years |
| 10.4.2 | MIT | 2 | 2014-12-03 - 07:34 | almost 10 years |
| 10.4.1 | MIT | 2 | 2014-12-02 - 05:51 | almost 10 years |
| 10.4.0 | MIT | 2 | 2014-11-25 - 06:09 | almost 10 years |
| 10.3.2 | MIT | 2 | 2014-05-16 - 04:15 | over 10 years |
| 10.3.1 | MIT | 2 | 2014-04-17 - 23:26 | over 10 years |
| 10.3.0 | MIT | 2 | 2014-04-15 - 23:03 | over 10 years |
| 10.2.2 | MIT | 2 | 2014-03-27 - 23:07 | over 10 years |
| 10.2.1 | MIT | 2 | 2014-03-25 - 22:36 | over 10 years |
| 10.2.0 | MIT | 2 | 2014-03-24 - 21:05 | over 10 years |
| 10.1.1 | MIT | 2 | 2013-12-20 - 05:35 | almost 11 years |
| 10.1.0 | MIT | 2 | 2013-06-20 - 03:32 | over 11 years |
| 10.1.0.beta.3 | MIT | 2 | 2013-04-30 - 21:28 | over 11 years |
| 10.1.0.beta.2 | MIT | 2 | 2013-04-30 - 20:52 | over 11 years |
| 10.1.0.beta.1 | MIT | 2 | 2013-04-26 - 21:18 | over 11 years |
| 10.0.4 | MIT | 2 | 2013-03-25 - 18:19 | over 11 years |
| 10.0.3 | UNKNOWN | 2 | 2012-12-12 - 21:35 | almost 12 years |
| 10.0.2 | UNKNOWN | 2 | 2012-11-19 - 14:36 | almost 12 years |
| 10.0.1 | UNKNOWN | 2 | 2012-11-14 - 21:36 | almost 12 years |
| 10.0.0 | UNKNOWN | 2 | 2012-11-12 - 17:21 | almost 12 years |
| 10.0.0.beta.2 | UNKNOWN | 2 | 2012-10-26 - 22:39 | about 12 years |
| 10.0.0.beta.1 | UNKNOWN | 2 | 2012-10-25 - 19:07 | about 12 years |
| 0.9.6 | UNKNOWN | 2 | 2012-12-12 - 21:34 | almost 12 years |
| 0.9.5 | UNKNOWN | 2 | 2012-11-19 - 14:25 | almost 12 years |
| 0.9.4 | UNKNOWN | 2 | 2012-11-14 - 21:22 | almost 12 years |
| 0.9.3 | UNKNOWN | 2 | 2012-11-12 - 17:20 | almost 12 years |
| 0.9.3.beta.2 | UNKNOWN | 2 | 2012-10-22 - 18:51 | about 12 years |
| 0.9.3.beta.3 | UNKNOWN | 2 | 2012-10-25 - 18:55 | about 12 years |
| 0.9.3.beta.1 | UNKNOWN | 2 | 2011-08-06 - 02:34 | over 13 years |
| 0.9.3.beta.4 | UNKNOWN | 2 | 2012-11-09 - 20:43 | almost 12 years |
| 0.9.2.2 | UNKNOWN | 2 | 2011-10-22 - 15:19 | about 13 years |
| 0.9.2 | UNKNOWN | 2 | 2011-06-05 - 23:34 | over 13 years |
| 0.9.1 | UNKNOWN | 2 | 2011-06-01 - 05:04 | over 13 years |
| 0.9.0 | UNKNOWN | 2 | 2011-05-20 - 16:17 | over 13 years |
| 0.9.0.beta.5 | UNKNOWN | 2 | 2011-03-14 - 01:18 | over 13 years |
| 0.9.0.beta.4 | UNKNOWN | 2 | 2011-03-06 - 23:45 | over 13 years |
| 0.9.0.beta.0 | UNKNOWN | 2 | 2011-02-23 - 04:42 | over 13 years |
| 0.9.0.beta.1 | UNKNOWN | 2 | 2011-02-28 - 12:24 | over 13 years |
| 0.9.0.beta.2 | UNKNOWN | 2 | 2011-03-05 - 21:53 | over 13 years |
| 0.8.7 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.8.6 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.8.5 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.8.4 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.8.3 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.8.2 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.8.1 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.8.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.7.3 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.7.2 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.7.1 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.7.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.6.2 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.6.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.5.4 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.5.3 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.5.0 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.15 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.14 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.13 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.12 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.11 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.10 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.9 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |
| 0.4.8 | UNKNOWN | 2 | 2009-07-25 - 18:01 | over 15 years |