From 2267e0e785df88744f071957f62e0af4c91f4a1e Mon Sep 17 00:00:00 2001
From: Drigg3r <drigg3r@yandex.com>
Date: Tue, 19 Dec 2017 05:00:04 -0500
Subject: [PATCH] Fixed command Injection Command Injection in Hosts::new() by use of Kernel#open
---
 lib/resolv.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/resolv.rb b/lib/resolv.rb
index 1044b95e6810..56183b837d81 100644
--- a/lib/resolv.rb
+++ b/lib/resolv.rb
@@ -188,7 +188,7 @@ def lazy_initialize # :nodoc:
 unless @initialized
 @name2addr = {}
 @addr2name = {}
- open(@filename, 'rb') {|f|
+ File.open(@filename, 'rb') {|f|
 f.each {|line|
 line.sub!(/#.*/, '')
 addr, hostname, *aliases = line.split(/\s+/)
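Review bot: The new `File.open(@filename, 'rb')` call in `lazy_initialize` has no comment explaining why `Kernel#open` must not be used, so a later cleanup could quietly revert it. Add `# File.open, not Kernel#open: @filename is caller-supplied and must only ever be treated as a path` above the call. The diffstat shows only lib/resolv.rb changed, so no regression test pins the behaviour; a test that builds a Hosts object with a filename starting with `|` and asserts that the lookup fails with a file error (presumably `Errno::ENOENT`) would guard it. Any other bare `open(` calls on caller-supplied paths in this file are outside the hunk and worth checking for the same pattern. The body of `lazy_initialize` starts before and continues past the hunk.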