PatchSiren

Festivaltts4r Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Festivaltts4r Project CVE published 2017-03-03

CVE-2016-10194

CVE-2016-10194 is a critical command-injection flaw in the Ruby festivaltts4r gem. NVD describes remote attackers being able to execute arbitrary commands by supplying shell metacharacters in a string passed to to_speech or to_mp3 in lib/festivaltts4r/festival4r.rb. The issue is rated CVSS 9.8 (network exploitable, no privileges, no user interaction) and maps to CWE-77. Public references include oss-secur [truncated]
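As an added illustration (not code from the festivaltts4r gem or from PatchSiren), the interpolated-shell-string pattern that CWE-77 describes is shown beside a hardened argv-plus-stdin invocation; the shape of the weak function, the festival flags and the sample text are assumptions:

```ruby
require "open3"
require "rbconfig"

# Assumed shape of the weak pattern (not the gem's actual code): caller text is
# interpolated into one shell string, so `;`, `|`, backticks and friends in it
# are parsed by /bin/sh. This function only builds the string; it never runs it.
def unsafe_command_string(text)
  "echo #{text} | festival --tts"
end

# Characters a POSIX shell treats specially. Handy for logging or alerting on
# odd input reaching a TTS endpoint; it is not the fix on its own.
SHELL_METACHARS = /[;&|`$<>(){}\\\n]/.freeze

def shell_metachar?(text)
  SHELL_METACHARS.match?(text)
end

# Hardened form: an argv array plus stdin. Open3 given several arguments goes
# through exec() without a shell, so `text` is never parsed as a command; it
# reaches the child only as raw stdin bytes. The default argv is an assumed
# festival invocation; the self-test passes its own argv to stay offline.
def speak_safely(text, argv: ["festival", "--tts"])
  out, status = Open3.capture2(*argv, stdin_data: text)
  raise "synth failed: #{status}" unless status.success?
  out
end

# Self-test helper: a child Ruby process echoes stdin back instead of festival,
# showing the metacharacters arrive literally and are not executed.
def roundtrip(text)
  speak_safely(text, argv: [RbConfig.ruby, "-e", "print STDIN.read"])
end

if $PROGRAM_NAME == __FILE__
  sample = "hello; echo INJECTED" # constructed sample input
  puts unsafe_command_string(sample) # what a shell would have parsed
  puts shell_metachar?(sample)       # true: worth an alert/log line
  puts roundtrip(sample).inspect     # the text comes back verbatim
end
```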