RubySec

Providing security resources for the Ruby community

CVE-2013-1948 (md2pdf): md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

GEM

md2pdf

SEVERITY

CVSS v2.0: 10.0 (High)

PATCHED VERSIONS

None.

DESCRIPTION

md2pdf Gem for Ruby contains a flaw due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands. No patched version is listed, so the only mitigations are to avoid passing attacker-controlled file names to the gem or to stop using it.
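The following is an added illustration of the vulnerability class this advisory describes; it is not md2pdf's own code and does not reproduce the gem's converter.rb. It shows a file name interpolated into a shell command string next to two hardened forms (argv-style spawning with no shell, and Shellwords escaping) and an allowlist check. The `echo` command standing in for the converter, the constructed file name, and the function names are assumptions for the demo.

```ruby
require "open3"
require "shellwords"

# Constructed attacker-controlled file name (not from the advisory).
FILENAME = "report.md; echo INJECTED"

# Vulnerable pattern: the name is interpolated into ONE command string.
# Ruby hands a single string with shell metacharacters to /bin/sh, which
# treats ';' as a command separator and runs the attacker's command.
def run_vulnerable(filename)
  out, _status = Open3.capture2("echo converting #{filename}")
  out
end

# Hardened form 1: pass argv as separate arguments. No shell is involved,
# so the name is delivered to the program as one literal argument.
def run_hardened_argv(filename)
  out, _status = Open3.capture2("echo", "converting", filename)
  out
end

# Hardened form 2: when a shell string is unavoidable, escape each
# interpolated value so the shell sees metacharacters as literals.
def run_hardened_escaped(filename)
  out, _status = Open3.capture2("echo converting #{Shellwords.escape(filename)}")
  out
end

# Defence in depth: an allowlist check before any command is built.
# Rejecting a leading '-' also prevents the name being parsed as an option
# by the spawned program, which argv-style spawning alone does not stop.
def safe_filename?(name)
  name.match?(/\A[\w.-]+\z/) && !name.start_with?("-")
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{run_vulnerable(FILENAME).inspect}"
  puts "argv:       #{run_hardened_argv(FILENAME).inspect}"
  puts "escaped:    #{run_hardened_escaped(FILENAME).inspect}"
  puts "allowed?    #{safe_filename?(FILENAME)}"
end
```

Run it on a POSIX system: the vulnerable form prints a second line, `INJECTED`, produced by the injected command, while both hardened forms print the whole name as a single literal argument and the allowlist rejects it outright.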