Some Ruby core methods accept string data that includes text to be executed as a system command.
They should not be called with unknown or unsanitized commands.
These methods include:
‘command` (backtick method) (also called by the expression %x[command]).
IO.popen (when called with other than "-").
Ruby Core © 1993–2025 Yukihiro Matsumoto
Licensed under the Ruby License.
Ruby Standard Library © contributors
Licensed under their own licenses.