4 matches found
CVE-2013-1948
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...
CVE-2013-1948
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...
RubyGems 'md2pdf'远程命令注入漏洞(CVE-2013-1948)
BUGTRAQ ID: 59061 CVECAN ID: CVE-2013-1948 md2pdf是将Markdown文档转换为PDF文档的软件。 md2pdf converter.rb中的用户输入,没有经过过滤即传递给命令行,攻击者可利用此漏洞在受影响应用中执行任意命令。 0 rubygems md2pdf 厂商补丁: rubygems -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: https://rubygems.org/gems/md2pdf...
Ruby Gem md2pdf Command Injection Vulnerability
Ruby Gem md2pdf suffers from a remote command injection vulnerability. Remote command injection md2pdf ruby gem 4/10/2013 Description: "creates pdf documents from markdown documents" https://rubygems.org/gems/md2pdf In md2pdf/converter.rb we see user supplied input being passed to the command lin...