guard-rspec-4.7.3.gem: 1 vulnerabilities (highest severity is: 2.8) #77
Description
Vulnerable Library - guard-rspec-4.7.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/thor-1.2.1.gem
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Exploit Maturity | EPSS | Dependency | Type | Fixed in (guard-rspec version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-54314 |  Low |
2.8 | Not Defined | 0.0% | thor-1.2.1.gem | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-54314
Vulnerable Library - thor-1.2.1.gem
Thor is a toolkit for building powerful command-line interfaces.
Library home page: https://rubygems.org/gems/thor-1.2.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/thor-1.2.1.gem
Dependency Hierarchy:
- guard-rspec-4.7.3.gem (Root Library)
- guard-2.17.0.gem
- ❌ thor-1.2.1.gem (Vulnerable Library)
- guard-2.17.0.gem
Found in base branch: main
Vulnerability Details
Thor before 1.4.0 can construct an unsafe shell command from library input.
Publish Date: 2025-07-20
URL: CVE-2025-54314
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (2.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2025-07-20
Fix Resolution: thor - 1.4.0