Lucene search

K
cve[email protected]CVE-2014-2322
HistoryMay 02, 2014 - 2:55 p.m.

CVE-2014-2322

2014-05-0214:55:00
NVD-CWE-Other
web.nvd.nist.gov
35
lib
string_utf_support
remote attackers
arbitrary commands
shell metacharacters
downloaded_file
url
security vulnerability
nvd
cve-2014-2322

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.3%

lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.3%

Related for CVE-2014-2322