10 matches found
EUVD-2022-2371
Malicious code in bioql PyPI...
Karteek Docsplit vulnerable to OS Command Injection
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
GHSA-4FVG-PWV7-V54G Karteek Docsplit vulnerable to OS Command Injection
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
CVE-2013-1933
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
Code injection
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
CVE-2013-1933
The CVE-2013-1933 issue affects the Karteek Docsplit Ruby gem (version 0.5.4). The root cause is inadequate sanitization in extract_from_ocr (text_extractor.rb), allowing a context-dependent attacker to inject shell metacharacters via a PDF filename and execute arbitrary commands on the affected ...
CVE-2013-1933
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
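RubyGems karteek-docsplit 'text_extractor.rb' Remote Command Execution Vulnerability
BUGTRAQ ID: 58931 CVECAN ID: CVE-2013-1933 karteek-docsplit is a command-line tool and Ruby library for splitting documents. karteek-docsplit 0.5.4 and other versions do not filter shell metacharacters in input. By constructing a file whose name contains shell characters and tricking a user into extracting that file, an attacker can cause arbitrary commands to be executed in the context of the affected application. Problem code: ...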
Ruby Gem Karteek Docsplit 0.5.4 Command Injection
Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 4/1/2013 Larry W. Cashdollar @larry0 User supplied input isn't sanitized against shell metacharacters and is fed directly to the shell. If the user is tricked into extracting a file with shell characters in the name, code can be executed...
Karteek Docsplit Gem for Ruby text_extractor.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
Karteek Docsplit Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to text_extractor.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...