CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r

[Max Veytsman <max () appcanary com>]

Two similar vulnerabilities in ruby text-to-speech libraries.

1) espeak-ruby

Rubygem espeak-ruby passes user modifiable strings directly to a shell
command.

An attacker can execute malicious commands by modifying the strings that
are passed as arguments to the speak, save, bytes and bytes_wav methods in
the lib/espeak/speech.rb.

https://github.com/dejan/espeak-ruby/issues/7

Patched in 1.0.3
https://github.com/spejman/festivaltts4r/issues/1

2) festivaltts4r

Rubygem festivaltts4r passes user modifiable strings directly to a shell
command.

An attacker can execute malicious commands by modifying the strings that
are passed as arguments to the to_speech and and to_mp3 methods in
lib/festivaltts4r/festival4r.rb.

https://github.com/spejman/festivaltts4r/issues/1

No patch
Credit: Brendan Coles

--
Max Veytsman
Co-founder appcanary.com
@mveytsman <https://twitter.com/mveytsman>