Description
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
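An added example, not code from Ruby's lib/resolv.rb: Kernel#open treats a string beginning with '|' as a command to run in a subprocess, while File.open treats the same string only as a file name. The sketch below reads a hosts-format file through File.open and rejects pipe-prefixed names up front. `load_hosts`, `file_open_is_literal?` and `sample_hosts_table` are hypothetical names, and the hosts data is constructed.

```ruby
require "tempfile"

# Hypothetical helper (not Ruby's resolv.rb): parse a hosts-format file into
# { hostname => [addresses] }. File.open treats `path` strictly as a
# filesystem name, so a leading '|' is never interpreted as a command.
def load_hosts(path)
  path = String(path)
  # Defence in depth: refuse pipe-prefixed names before touching the filesystem.
  if path.lstrip.start_with?("|")
    raise ArgumentError, "refusing pipe-prefixed path: #{path.inspect}"
  end

  table = {}
  File.open(path, "r") do |f|
    f.each_line do |line|
      line = line.sub(/#.*/, "").strip # drop comments, skip blank lines
      next if line.empty?
      addr, *names = line.split(/\s+/)
      names.each { |name| (table[name] ||= []) << addr }
    end
  end
  table
end

# True when File.open handles a pipe-prefixed string as an ordinary
# (non-existent) file name instead of spawning anything.
def file_open_is_literal?(candidate)
  File.open(candidate, "r") { |f| f.read }
  false
rescue Errno::ENOENT
  true
end

# Constructed sample input written to a temporary file, then parsed.
def sample_hosts_table
  Tempfile.create("hosts") do |tmp|
    tmp.write("127.0.0.1 localhost # loopback\n\n# comment\n192.0.2.10 app app.internal\n")
    tmp.flush
    load_hosts(tmp.path)
  end
end
```

On an affected Ruby, the same prefix check can be applied to any file name before it is handed to Resolv::Hosts.new.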
Remediation
References