rake vulnerability found in …/vim-multiple-cursors/Gemfile.lock
xros opened this issue · 0 comments
xros commented
There's a vulnerability: CVE-2020-8130
OS Command Injection in Rake
Remediation
Upgrade rake to version 12.3.3 or later. For example:
gem "rake", ">= 12.3.3"
I used vim-multiple-cursors in my Vim dotfiles. The GitHub bot alerts me of the vulnerability.
In my dotfiles' pull request: xros/dotfiles#40
Commits: xros/dotfiles@23006e1
I think this can be merged into the original vim-multiple-cursors plugin.
Which is at https://github.com/terryma/vim-multiple-cursors/blob/master/Gemfile.lock#L5
And change it to 12.3.3
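
An added example, not part of the original issue or the plugin's code: a Ruby check that reads the resolved `specs:` entries of a Gemfile.lock and reports whether the pinned rake is below 12.3.3, the fixed version named in the remediation above. The lockfile text is a constructed sample, and the names `locked_versions` and `vulnerable_rake?` are hypothetical.

```ruby
require "rubygems" # Gem::Version (normally preloaded; explicit for clarity)

# First rake release with the CVE-2020-8130 fix, per the remediation text.
FIXED_RAKE = Gem::Version.new("12.3.3")

# Constructed sample lockfile (not the plugin's real Gemfile.lock).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      diff-lcs (1.2.5)
      rake (10.4.2)
      rspec (3.4.0)
        rspec-core (~> 3.4.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rake
    rspec
LOCK

# Return the versions a lockfile pins for `name`.
# Resolved specs sit at exactly four spaces of indent as "name (version)";
# six-space lines are dependency constraints and are ignored.
def locked_versions(lock_text, name)
  lock_text.each_line.filter_map do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m && m[1] == name
    Gem::Version.new(m[2].split("-").first) # drop any platform suffix
  end
end

# True when any pinned rake version predates the fixed release.
def vulnerable_rake?(lock_text)
  locked_versions(lock_text, "rake").any? { |v| v < FIXED_RAKE }
end

if __FILE__ == $PROGRAM_NAME
  # Pass a lockfile path as the first argument; otherwise the sample is used.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts vulnerable_rake?(text) ? "rake below #{FIXED_RAKE}: upgrade" : "rake OK or absent"
end
```

The check reads the lockfile rather than the Gemfile because the lockfile records the version Bundler actually installs; after raising the Gemfile constraint, `bundle update rake` rewrites the pin.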