CVE-2016-10193

Name of the Vulnerable Software and Affected Versions espeak-ruby gem versions prior to 1.0.3

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes wav method in lib/espeak/speech.rb. This can lead to unauthorized access and control of the system.

Recommendations For espeak-ruby gem versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting input to the speak, save, bytes, and bytes wav methods to prevent shell metacharacter injection.