[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
emacs-29 9a3b08061f: Fix ruby-mode.el local command injection vulnerabil
From: |
Dmitry Gutov |
Subject: |
emacs-29 9a3b08061f: Fix ruby-mode.el local command injection vulnerability (bug#60268) |
Date: |
Fri, 23 Dec 2022 18:43:31 -0500 (EST) |
branch: emacs-29
commit 9a3b08061feea14d6f37685ca1ab8801758bfd1c
Author: Xi Lu <lx@shellcodes.org>
Commit: Dmitry Gutov <dgutov@yandex.ru>
Fix ruby-mode.el local command injection vulnerability (bug#60268)
* lisp/progmodes/ruby-mode.el
(ruby-find-library-file): Fix local command injection vulnerability.
---
lisp/progmodes/ruby-mode.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
index 1f3e9b6ae7..a4aa61905e 100644
--- a/lisp/progmodes/ruby-mode.el
+++ b/lisp/progmodes/ruby-mode.el
@@ -1899,7 +1899,7 @@ or `gem' statement around point."
(setq feature-name (read-string "Feature name: " init))))
(let ((out
(substring
- (shell-command-to-string (concat "gem which " feature-name))
+ (shell-command-to-string (concat "gem which " (shell-quote-argument
feature-name)))
0 -1)))
(if (string-match-p "\\`ERROR" out)
(user-error "%s" out)
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- emacs-29 9a3b08061f: Fix ruby-mode.el local command injection vulnerability (bug#60268),
Dmitry Gutov <=