Description
This script is vulnerable to Ruby code injection.
Ruby code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control
all or part of an input string that is fed into an eval() function call. eval() will execute the argument as code.
Remediation
Your script should properly sanitize user input.
References
Related Vulnerabilities
WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
Citrix ADC/Gateway Unauthenticated Remote Code Execution
Apache Solr SSRF CVE-2017-3164
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)