The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gems documented behavior of using Marshal.load during XML document processing.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Ruby-jss |
Pixar |
* |
1.6.0 (excluding) |
References