CVE-2025-54314 – thor
Package
Manager: gem
Name: thor
Vulnerable Version: <0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.00024 (percentile: 0.04779)
Details
Withdrawn Advisory: Thor can construct an unsafe shell command from library input.

### Withdrawn Advisory

This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references.

### Original Description

Thor before 1.4.0 can construct an unsafe shell command from library input.
Metadata
Created: 2025-07-20T03:30:19Z
Modified: 2025-08-13T18:55:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-mqcp-p2hv-vw6x/GHSA-mqcp-p2hv-vw6x.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-mqcp-p2hv-vw6x
Finding: F004
Auto approve: 1