2 matches found
CVE-2013-1933
The CVE-2013-1933 issue affects the Karteek Docsplit Ruby gem (version 0.5.4). The root cause is inadequate sanitization in extract_from_ocr (text_extractor.rb), allowing a context-dependent attacker to inject shell metacharacters via a PDF filename and execute arbitrary commands on the affected ...
Ruby Gem Karteek Docsplit 0.5.4 Command Injection
Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 4/1/2013 Larry W. Cashdollar @larry0 User supplied input isn't sanitized against shell metacharacters and is fed directly to the shell. If the user is tricked into extracting a file with shell characters in the name code can be executed...