Lucene search
HistoryApr 25, 2013 - 11:55 p.m.
CVE-2013-1948
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
Low
EPSS
0.003
Percentile
68.3%
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
Affected configurations
Node
rob_westgeestmd2pdfMatch0.0.1
ruby-langruby
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rob_westgeest | md2pdf | 0.0.1 | cpe:2.3:a:rob_westgeest:md2pdf:0.0.1:*:*:*:*:*:*:* |
| ruby-lang | ruby | * | cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* |
Related
packetstorm
packetstorm
Ruby Gem md2pdf Command Injection
2013-04-15 00:00:00
osv
osv
zdt
zdt
Ruby Gem md2pdf Command Injection Vulnerability
2013-04-16 00:00:00
github
github
rubygems
rubygems
prion
prion
Design/Logic Flaw
2013-04-25 23:55:00
cvelist
cvelist
CVE-2013-1948
2013-04-25 23:00:00
seebug
seebug
RubyGems 'md2pdf'远程命令注入漏洞(CVE-2013-1948)
2013-04-17 00:00:00
cve
cve
CVE-2013-1948
2013-04-25 23:55:01
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
Low
EPSS
0.003
Percentile
68.3%
Related for NVD:CVE-2013-1948