事例:CVE-2021-43809:Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile(bundler)
https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
Pass "--" to git commands to separate positional and optional args
local code execution
未検証
shell injection
?
#bundler
#事例