Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60747
HistoryApr 17, 2013 - 12:00 a.m.

RubyGems 'md2pdf'远程命令注入漏洞(CVE-2013-1948)

2013-04-1700:00:00
Root
www.seebug.org
22

EPSS

0.003

Percentile

68.3%

JSON

BUGTRAQ ID: 59061
CVE(CAN) ID: CVE-2013-1948

md2pdf是将Markdown文档转换为PDF文档的软件。

md2pdf converter.rb中的用户输入,没有经过过滤即传递给命令行,攻击者可利用此漏洞在受影响应用中执行任意命令。
0
rubygems md2pdf
厂商补丁:

rubygems

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

https://rubygems.org/gems/md2pdf

Related

packetstorm 1
osv 1
zdt 1
github 1
rubygems 1
nvd 1
cvelist 1
prion 1
cve 1
packetstorm
packetstorm
Ruby Gem md2pdf Command Injection
2013-04-15 00:00:00
osv
osv
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
2017-10-24 18:33:37
zdt
zdt
Ruby Gem md2pdf Command Injection Vulnerability
2013-04-16 00:00:00
github
github
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
2017-10-24 18:33:37
rubygems
rubygems
md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
2013-04-12 20:00:00
nvd
nvd
CVE-2013-1948
2013-04-25 23:55:01
cvelist
cvelist
CVE-2013-1948
2013-04-25 23:00:00
prion
prion
Design/Logic Flaw
2013-04-25 23:55:00
cve
cve
CVE-2013-1948
2013-04-25 23:55:01

EPSS

0.003

Percentile

68.3%

JSON
Related for SSV:60747
packetstorm1osv1zdt1github1rubygems1nvd1cvelist1prion1cve1