RubySec

Providing security resources for the Ruby community

CVE-2013-1607 (pdfkit): PDFKit Gem for Ruby PDF File Generation Parameter Handling Remote Code Execution

Published: February 21, 2013

SECURITY IDENTIFIERS

GEM

pdfkit

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

>= 0.5.3

DESCRIPTION

The PDFKit gem for Ruby fails to properly validate input when handling parameters during PDF file generation. A remote attacker may be able to execute arbitrary code via the pdfkit generation options.
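
One way to check a project against the patched range above, as an added example that is not part of the advisory or of pdfkit itself. The function name `audit_pdfkit`, the sample lockfile and the `reports` gem in it are constructed for illustration.

```ruby
require "rubygems"

# Patched range taken from the advisory: pdfkit >= 0.5.3.
PATCHED = Gem::Requirement.new(">= 0.5.3")

# Matches a resolved spec line in the "specs:" block of Gemfile.lock
# (exactly four spaces of indent). Constraints listed under another gem
# are indented six spaces and are deliberately not matched, because they
# say what is allowed, not what was actually resolved.
SPEC_LINE = /^ {4}pdfkit \(([0-9][0-9A-Za-z.]*)/

# Returns [status, version]; status is :absent, :vulnerable or :patched.
def audit_pdfkit(lockfile_text)
  versions = lockfile_text.scan(SPEC_LINE).flatten.map { |v| Gem::Version.new(v) }
  return [:absent, nil] if versions.empty?

  # If more than one source resolves pdfkit, judge by the oldest version.
  oldest = versions.min
  [PATCHED.satisfied_by?(oldest) ? :patched : :vulnerable, oldest.to_s]
end

# Constructed sample lockfile (not from a real project). The "reports" gem
# is hypothetical; its constraint line must not be mistaken for a version.
VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pdfkit (0.5.2)
      reports (1.0.0)
        pdfkit (>= 0.4)

  DEPENDENCIES
    pdfkit
    reports
LOCK

if __FILE__ == $PROGRAM_NAME
  # With a path argument, audit that lockfile; otherwise use the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : VULNERABLE_LOCK
  status, version = audit_pdfkit(text)
  puts "pdfkit #{version || '(not in lockfile)'}: #{status}"
  # Non-zero exit lets a CI job fail when a real lockfile is vulnerable.
  exit 1 if ARGV[0] && status == :vulnerable
end
```

Prerelease builds such as `0.5.3.rc1` sort below `0.5.3` under RubyGems version ordering, so this check reports them as vulnerable.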