Description
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."
References (5)
Core References
Third Party Advisory: https://hackerone.com/reports/3260153
Issue Tracking: https://github.com/rails/thor/pull/897
Release Notes: https://github.com/rails/thor/releases/tag/v1.4.0
Scores
CVSS v3
2.8
EPSS
0.0003
EPSS Percentile
9.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-78
Status
published
Products (2)
rubygems/thor: 0 - 1.4.0 (RubyGems)
rubyonrails/Thor: < 1.4.0
Published
Jul 20, 2025
Tracked Since
Feb 18, 2026