2 matches found
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable...
CVE-2014-2322
CVE-2014-2322 affects the Arabic Prawn Ruby gem (version 0.0.1). The vulnerability is in lib/string_utf_support.rb, where unsanitized user input is passed to the shell, allowing remote command execution via shell metacharacters in the downloaded_file or url variables. This is a remote command inj...