PT-2016-1114 · Ruby · Colorscore

Dirk Zittersteyn · Published 2016-01-08 · Updated 2018-08-15 · CVE-2015-7541

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: colorscore gem versions prior to 0.0.5

Description: The issue lies in the initialize method of the Histogram class, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in the image path, colors, or depth variable. The root cause is a lack of input sanitization: the values are passed to a shell without being validated or escaped. Exploitation of this issue can enable a remote attacker to execute arbitrary code.

Recommendations: For versions prior to 0.0.5, update to version 0.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the image path, colors, and depth variables in the initialize method of the Histogram class to minimize the risk of exploitation.
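The advisory describes the pattern, not the code. The following added example (written for this page; it is neither the colorscore gem's code nor its actual 0.0.5 fix) reconstructs a hypothetical Histogram initializer that interpolates image path, colors and depth into one shell command string, and places a hardened variant beside it: integer coercion for the numeric parameters, a check that the path cannot be read as a command-line option, and an argv array so that no shell parses the arguments at all. Class names, the `convert` invocation and the parameter ranges are assumptions.

```ruby
require "shellwords"

# Hypothetical reconstruction of the pattern the advisory describes (NOT the
# colorscore gem's own code): a Histogram initializer that splices the image
# path, colour count and depth into a single command string. Kernel#` and
# system(String) hand such a string to /bin/sh, so ";", "|" or "$(...)" in
# any of the three values are interpreted by the shell, not by convert.
class UnsafeHistogram
  attr_reader :command

  def initialize(image_path, colors = 16, depth = 8)
    @command = "convert #{image_path} -colors #{colors} -depth #{depth} histogram:info:-"
  end

  # The vulnerable sink: the whole string is shell-interpreted. Shown only;
  # nothing in this example calls it.
  def run
    `#{@command}`
  end
end

# Hardened form (an assumed mitigation, not the gem's real fix): validate the
# numeric parameters, refuse paths that convert would parse as options, and
# pass an argv array so the process is exec'ed directly with no shell.
class SafeHistogram
  attr_reader :argv

  def initialize(image_path, colors = 16, depth = 8)
    path = image_path.to_s
    raise ArgumentError, "image path must not be empty" if path.empty?
    # A leading "-" would be parsed by convert as an option rather than a file.
    raise ArgumentError, "image path must not look like an option" if path.start_with?("-")

    # Integer(str, 10) raises ArgumentError for anything that is not a plain
    # decimal integer (e.g. "16; id"), so metacharacters never reach argv here.
    colors = Integer(colors.to_s, 10)
    depth  = Integer(depth.to_s, 10)
    raise ArgumentError, "colors out of range" unless (1..256).cover?(colors)
    raise ArgumentError, "depth out of range"  unless (1..64).cover?(depth)

    @argv = ["convert", path, "-colors", colors.to_s, "-depth", depth.to_s, "histogram:info:-"]
  end

  # IO.popen with an Array execs convert directly; each element is exactly one
  # argv entry, so a path such as "photo.png; id" is just one odd file name.
  def run
    IO.popen(@argv, &:read)
  end

  # Fallback when a shell genuinely cannot be avoided (e.g. a pipeline):
  # escape every element instead of interpolating it raw.
  def shell_command
    Shellwords.join(@argv)
  end
end
```

The argv form is the primary defence because it removes the shell from the picture entirely; `Shellwords.join` is the secondary one for the rare case where a shell is still needed. The `Integer()` coercion is what turns an injected `colors` or `depth` value into a rejected request rather than a command.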

Exploit

Fix

Command Injection


Weakness Enumeration

Related identifiers

BDU:2016-00359
CVE-2015-7541
GHSA-73QW-WW62-M54X
GHSA-9WCM-RRVH-QJC8

Affected products

Colorscore