CNNVD-202507-2535 Information

CNNVD ID

CNNVD-202507-2535

CVE-2025-54314

  • CNNVD Published: 2025-07-20

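Description (translated from Chinese)

Thor is an open-source toolkit from Ruby on Rails for building command-line interfaces. Versions of Thor before 1.4.0 contain an operating system command injection vulnerability, which stems from constructing unsafe shell commands from library input and may lead to command injection.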

Description (English)

Thor is an open-source toolkit from Ruby on Rails for building command-line interfaces. Thor versions before 1.4.0 have an operating system command injection vulnerability, which originates from unsafe shell commands being constructed from library input and may lead to command injection.

Hazard Level

Critical

Vulnerability Type

Operating system command injection

Affected Vendor

Ruby on Rails

Published

2025-07-20

Last Modified

2026-02-24

References

  • https://github.com/rails/thor/pull/897
  • https://github.com/rails/thor/releases/tag/v1.4.0
  • https://github.com/github/advisory-database/pull/5912#issuecomment-3169255309
  • https://github.com/rails/thor/commit/536b79036a0efb765c1899233412e7b1ca94abfa
  • https://hackerone.com/reports/3260153

Patch

https://github.com/rails/thor/releases
