Advisory #51
TitleNarou.rb remote code execution via crafted novel information
CVE IDCVE-2021-35514
VendorNarou.rb maintainers
Affected productNarou.rb
Affected versions<= 3.7.2
Vulnerability typeCWE-94 (Code Injection)
DescriptionNarou.rb has a vulnerability that allows a malicious novel to inject arbitrary Ruby code, which leads remote code execution.
StatusFixed in 3.8.0
RecommendationUpdate to 3.8.0 or above.