Lucene search
K

4 matches found

NVD
NVD
added 2013/04/25 11:55 p.m.15 views

CVE-2013-1948

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...

10CVSS7.4AI score0.02161EPSS
Exploits3References4
Cvelist
Cvelist
added 2013/04/25 11:0 p.m.18 views

CVE-2013-1948

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...

7.4AI score0.02161EPSS
Exploits3References4
seebug.org
seebug.org
added 2013/04/17 12:0 a.m.31 views

RubyGems 'md2pdf'远程命令注入漏洞(CVE-2013-1948)

BUGTRAQ ID: 59061 CVECAN ID: CVE-2013-1948 md2pdf是将Markdown文档转换为PDF文档的软件。 md2pdf converter.rb中的用户输入,没有经过过滤即传递给命令行,攻击者可利用此漏洞在受影响应用中执行任意命令。 0 rubygems md2pdf 厂商补丁: rubygems -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: https://rubygems.org/gems/md2pdf...

10CVSS6.5AI score0.02161EPSS
Exploits3
0day.today
0day.today
added 2013/04/16 12:0 a.m.56 views

Ruby Gem md2pdf Command Injection Vulnerability

Ruby Gem md2pdf suffers from a remote command injection vulnerability. Remote command injection md2pdf ruby gem 4/10/2013 Description: "creates pdf documents from markdown documents" https://rubygems.org/gems/md2pdf In md2pdf/converter.rb we see user supplied input being passed to the command lin...

10CVSS0.4AI score0.02161EPSS
Exploits3
Rows per page
Query Builder