RubySec

Providing security resources for the Ruby community

CVE-2014-2322 (Arabic-Prawn): Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection

ADVISORIES

GEM

Arabic-Prawn

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

None.

DESCRIPTION

Arabic Prawn Gem for Ruby contains a flaw in the lib/string_utf_support.rb file. The issue is due to the program failing to sanitize user input. This may allow a remote attacker to inject arbitrary commands.
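Because no patched version is listed, the practical check is whether the gem is resolved anywhere in a project's dependency tree. The following is an added example, not RubySec's or the gem's own code: it scans the `specs:` sections of a `Gemfile.lock` for Arabic-Prawn and reports which gems pull it in. The sample lockfile, the `invoice-pdf` gem and all version numbers in it are constructed for illustration.

```ruby
# Added example: report Arabic-Prawn (CVE-2014-2322) in a Gemfile.lock.
# The advisory lists no patched versions, so every resolved version is flagged.
ADVISORY = { gem: "Arabic-Prawn", id: "CVE-2014-2322" }.freeze

# Constructed sample lockfile; "invoice-pdf" and all version numbers are made up.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      Arabic-Prawn (0.0.1)
      invoice-pdf (1.2.0)
        Arabic-Prawn
        prawn (~> 1.0)
      prawn (1.0.0)

  DEPENDENCIES
    invoice-pdf
LOCK

# Returns [{ name:, version:, required_by: [...] }] for each resolved copy of the gem.
def affected_specs(lockfile_text, gem_name = ADVISORY[:gem])
  specs = {}                                   # resolved gem => version
  dependents = Hash.new { |h, k| h[k] = [] }   # downcased dependency => parent gems
  in_specs = false
  parent = nil
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false                         # left the GEM/GIT/PATH section
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      parent = m[1]                            # 4-space lines are resolved gems
      specs[parent] = m[2]
    elsif in_specs && (m = line.match(/\A {6}(\S+)/))
      dependents[m[1].downcase] << parent      # 6-space lines are the parent's dependencies
    end
  end
  specs.select { |name, _| name.casecmp?(gem_name) }.map do |name, version|
    { name: name, version: version, required_by: dependents[name.downcase].uniq }
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  affected_specs(text).each do |hit|
    puts "#{ADVISORY[:id]}: #{hit[:name]} #{hit[:version]} required_by=#{hit[:required_by].inspect}"
  end
end
```

Pass a lockfile path as the first argument to scan a real project; an empty `required_by` means no other resolved gem lists it as a dependency.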