### [CVE-2017-1000037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000037)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically installs gems as specified by files in $PWD resulting in code execution RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution

### POC

#### Reference
- https://github.com/justinsteven/advisories/blob/master/2017_rvm_cd_command_execution.md

#### Github
- https://github.com/justinsteven/advisories