Question

I received this Heroku vulnerability email:

https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/?mkt_tok=3RkMMJWWfF9wsRonuKjAZKXonjHpfsX%2B6u8vXaO%2FlMI%2F0ER3fOvrPUfGjI4ASsNjI%2BSLDwEYGJlv6SgFQrjAMapmyLgLUhE%3D

In the email, it says:

Check if you’re affected

Run the following on your app:

 $ heroku run “ruby -rpsych -e \”p Psych.libyaml_version.join(‘.’)\”” -a <app name>

If you see the following error message, then you are not vulnerable and can ignore the rest of this email:

  <internal:lib/rubygems/custom_require>:29:in `require': no such file to load -- psych (LoadError)
  from <internal:lib/rubygems/custom_require>:29:in `require'

Unfortunately, when I ran it, there was an error (using a Mac):

 -bash: syntax error near unexpected token `('

How can I run the command line above correctly? Thanks.


Solution

$ heroku run “ruby -rpsych -e \”p Psych.libyaml_version.join(‘.’)\”” -a <app name>

has right and left hand quotes: “ and ”

Change these to straight quotes for starters: " and '
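An added example, not part of the original answer: a small shell helper that detects typographic quotes in a pasted command and replaces them with straight ones, applied to the command from the email. The function names `has_smart_quotes` and `straighten_quotes` are hypothetical.

```bash
# Added example; function names are hypothetical.
# Typographic quotes (U+201C, U+201D, U+2018, U+2019) are ordinary
# characters to the shell: they quote nothing, so the parentheses in
# join(...) reach the parser unprotected and cause the syntax error.

# Return 0 if the text on stdin contains any typographic quote.
has_smart_quotes() {
  grep -q -e '“' -e '”' -e '‘' -e '’'
}

# Copy stdin to stdout with typographic quotes replaced by ASCII quotes.
# One expression per character so it also works in a non-UTF-8 locale.
straighten_quotes() {
  sed -e 's/“/"/g' -e 's/”/"/g' -e "s/‘/'/g" -e "s/’/'/g"
}

# The command exactly as pasted from the email. It contains no ASCII
# single quote, so it can be held verbatim inside single quotes.
pasted='heroku run “ruby -rpsych -e \”p Psych.libyaml_version.join(‘.’)\”” -a <app name>'

if printf '%s\n' "$pasted" | has_smart_quotes; then
  echo "typographic quotes found; straightened command:"
  fixed=$(printf '%s\n' "$pasted" | straighten_quotes)
  printf '%s\n' "$fixed"
fi
```

Replace `<app name>` with the app's actual name before running the straightened command; typed literally, the shell treats `<app` as an input redirection.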

Licensed under: CC-BY-SA with attribution