Lucene search
GoogleOSV:GHSA-99CH-8MVP-G7M5HistoryOct 24, 2017 - 6:33 p.m.
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
2017-10-2418:33:37
Google
osv.dev
64
EPSS
0.003
Percentile
68.3%
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
References
vapid.dhs.org/advisories/md2pdf-remote-exec.html
exchange.xforce.ibmcloud.com/vulnerabilities/83416
github.com/rubysec/ruby-advisory-db/blob/master/gems/md2pdf/CVE-2013-1948.yml
github.com/rwestgeest/md2pdf
nvd.nist.gov/vuln/detail/CVE-2013-1948
web.archive.org/web/20130503194109/www.securityfocus.com/bid/59061
Related
packetstorm
packetstorm
Ruby Gem md2pdf Command Injection
2013-04-15 00:00:00
zdt
zdt
Ruby Gem md2pdf Command Injection Vulnerability
2013-04-16 00:00:00
github
github
rubygems
rubygems
nvd
nvd
CVE-2013-1948
2013-04-25 23:55:01
cvelist
cvelist
CVE-2013-1948
2013-04-25 23:00:00
prion
prion
Design/Logic Flaw
2013-04-25 23:55:00
seebug
seebug
RubyGems 'md2pdf'远程命令注入漏洞(CVE-2013-1948)
2013-04-17 00:00:00
cve
cve
CVE-2013-1948
2013-04-25 23:55:01