colorscore 0.0.3

1 security vulnerability found in version 0.0.3

colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection

critical severity CVE-2015-7541
critical severity CVE-2015-7541
Patched versions: >= 0.0.5

The contents of the image_path, colors, and depth variables generated from possibly user-supplied input are passed directly to the shell via convert ....

If a user supplies a value that includes shell metacharacters such as ';', an attacker may be able to execute shell commands on the remote system as the user id of the Ruby process.

To resolve this issue, the aforementioned variables (especially image_path) must be sanitized for shell metacharacters.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

Gem version without a license.


Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.

This gem version is available.


This gem version has not been yanked and is still available for usage.