2 matches found
CVE-2013-1933
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
Karteek Docsplit Gem for Ruby text_extractor.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
Karteek Docsplit Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to text_extractor.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...