Kyoshida

#39545 of 53,632
6.9 Total CVSS
Vulnerabilities · 1
PT-2020-5156
6.9
2020-02-24
Ruby · Rake · CVE-2020-8130
**Name of the Vulnerable Software and Affected Versions**

Rake versions prior to 12.3.3

**Description**

The issue is an OS command injection vulnerability in the Rake::FileList class of the Rake build automation tool. It arises from the failure to neutralize special elements used in operating system commands. Exploitation of this issue can allow an attacker to execute arbitrary commands. The vulnerability is triggered when a filename starting with the pipe character `|` is supplied.

**Recommendations**

For versions prior to 12.3.3, update to version 12.3.3 or later to resolve the issue. As a temporary workaround, avoid the use of filenames that begin with the pipe character `|` in the Rake::FileList class until the patch is applied, and restrict access to the Rake::FileList class to minimize the risk of exploitation.