job-iteration 1.1.14
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
high severity CVE-2025-53623>= 1.11
Impact
There is an arbitrary code execution vulnerability in the
CsvEnumerator class of the job-iteration repository. This
vulnerability can be exploited by an attacker to execute arbitrary
commands on the system where the application is running, potentially
leading to unauthorized access, data leakage, or complete system
compromise.
Patches
Issue is fixed in versions 1.11.0 and above.
Workarounds
Users can mitigate the risk by avoiding the use of untrusted input
in the CsvEnumerator class and ensuring that any file paths are
properly sanitized and validated before being passed to the class
methods. Users should avoid calling size on enumerators
constructed with untrusted CSV filenames.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.