5 matches found
Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Author: Larry W. Cashdollar, @larry0 Download Site: http://rubygems.org/gems/Arabic-Prawn CVE: 2014-2322 Date: 12/17/2013 In Arabic-Prawn-0.0.1/lib/stringutfsupport.rb, the following lines pass unsanitized input to the shell. 426 var ...
CVE-2014-2322
CVE-2014-2322 affects the Arabic Prawn Ruby gem (version 0.0.1). The vulnerability is in lib/string_utf_support.rb, where unsanitized user input is passed to the shell, allowing remote command execution via shell metacharacters in the downloaded_file or url variables. This is a remote command inj...
CVE-2014-2322
lib/stringutfsupport.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 downloadedfile or 2 url variable...
Ruby Gem Arabic Prawn 0.0.1 Command Injection Vulnerability
Arabic Prawn Ruby gem version 0.0.1 suffers from a remote command injection vulnerability. Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Author: Larry W. Cashdollar, @larry0 Download Site: http://rubygems.org/gems/Arabic-Prawn CVE: 2014-2322 Date: 12/17/2013 In...
Ruby Gem Arabic Prawn 0.0.1 Command Injection
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Author: Larry W. Cashdollar, @larry0 Download Site: http://rubygems.org/gems/Arabic-Prawn CVE: 2014-2322 Date: 12/17/2013 In Arabic-Prawn-0.0.1/lib/stringutfsupport.rb, the following lines pass unsanitized input to the shell. 426 var ...