Ruby · Ruby · CVE-2017-17790
**Name of the Vulnerable Software and Affected Versions**
Ruby versions prior to 2.4.4
**Description**
The issue is in the `lazy_initialize` function in `lib/resolv.rb`, which uses `Kernel#open` and may therefore allow command injection attacks. This could be exploited by passing `Resolv::Hosts::new` an argument starting with a '|' character. The vulnerability is more likely to be exploited in situations where untrusted input is processed.
**Recommendations**
For Ruby versions prior to 2.4.4, update to a version that contains a fix for this issue.
As a temporary workaround, consider avoiding the use of untrusted input in the `Resolv::Hosts::new` argument to minimize the risk of exploitation.
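
One way to apply the workaround above, as an added example that is not code from the Ruby project: a guard that validates a hosts-file path before it reaches `Resolv::Hosts::new`, plus a check showing that `File.open` treats a leading '|' as part of a file name. The names `checked_hosts_path`, `resolver_for`, `UnsafeHostsPath` and `file_open_treats_pipe_as_name?` are hypothetical, and the hosts entry is constructed sample data.

```ruby
require 'resolv'
require 'tempfile'

# Hypothetical guard (not part of lib/resolv.rb): validate a hosts-file path
# that comes from configuration or user input before Resolv::Hosts sees it.
class UnsafeHostsPath < ArgumentError; end

def checked_hosts_path(candidate)
  path = String(candidate)
  # Kernel#open treats a leading "|" as a command to run, not a file name.
  raise UnsafeHostsPath, "pipe prefix rejected: #{path.inspect}" if path.start_with?('|')
  raise UnsafeHostsPath, 'NUL byte in path' if path.include?("\0")
  full = File.expand_path(path)
  raise UnsafeHostsPath, "not a regular file: #{full}" unless File.file?(full)
  full
end

def resolver_for(candidate)
  Resolv::Hosts.new(checked_hosts_path(candidate))
end

# File.open has no pipe handling: a "|..." string is only ever a file name,
# so a missing file raises Errno::ENOENT and nothing is executed.
def file_open_treats_pipe_as_name?(name)
  File.open(name, 'rb') { |f| f.read(0) }
  false
rescue Errno::ENOENT
  true
end

def demo
  Tempfile.create(['hosts', '.txt']) do |f|
    f.write("192.0.2.10 app.internal.example\n") # constructed sample entry
    f.flush
    rejected = begin
      resolver_for('|constructed-placeholder')
      false
    rescue UnsafeHostsPath
      true
    end
    { address: resolver_for(f.path).getaddress('app.internal.example'),
      pipe_rejected: rejected }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The guard rejects the value before any file API is called, so it behaves the same on patched and unpatched interpreters.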