Lucene search
RedhatCVE-2013-1948HistoryApr 25, 2013 - 11:55 p.m.
CVE-2013-1948
2013-04-2523:55:01
redhat
web.nvd.nist.gov
93
cve
2013
1948
converter.rb
md2pdf
gem
ruby
arbitrary command execution
shell metacharacters
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.003
Percentile
68.3%
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
Affected configurations
Node
rob_westgeestmd2pdfMatch0.0.1
ruby-langruby
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rob_westgeest | md2pdf | 0.0.1 | cpe:2.3:a:rob_westgeest:md2pdf:0.0.1:*:*:*:*:*:*:* |
| ruby-lang | ruby | * | cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* |
Related
packetstorm
packetstorm
Ruby Gem md2pdf Command Injection
2013-04-15 00:00:00
osv
osv
zdt
zdt
Ruby Gem md2pdf Command Injection Vulnerability
2013-04-16 00:00:00
github
github
rubygems
rubygems
nvd
nvd
CVE-2013-1948
2013-04-25 23:55:01
cvelist
cvelist
CVE-2013-1948
2013-04-25 23:00:00
prion
prion
Design/Logic Flaw
2013-04-25 23:55:00
seebug
seebug
RubyGems 'md2pdf'远程命令注入漏洞(CVE-2013-1948)
2013-04-17 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.003
Percentile
68.3%
Related for CVE-2013-1948