converter.rb
in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
vapid.dhs.org/advisories/md2pdf-remote-exec.html
exchange.xforce.ibmcloud.com/vulnerabilities/83416
github.com/rubysec/ruby-advisory-db/blob/master/gems/md2pdf/CVE-2013-1948.yml
github.com/rwestgeest/md2pdf
nvd.nist.gov/vuln/detail/CVE-2013-1948
web.archive.org/web/20130503194109/www.securityfocus.com/bid/59061