This script is vulnerable to Ruby code injection.
Ruby code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call. eval() will execute the argument as code.
Your script should properly sanitize user input.
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)
Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability
Oracle WebLogic Server unauthenticated remote code execution
WordPress Plugin Dynamic Content for Elementor Remote Code Execution (18.104.22.168)