CVE-2014-2322 (Arabic-Prawn): Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection

March 10th, 2014

ADVISORIES

CVE-2014-2322 (NVD)
OSVDB-104365

GEM

Arabic-Prawn

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

None.

DESCRIPTION

Arabic Prawn Gem for Ruby contains a flaw in the lib/string_utf_support.rb file. The issue is due to the program failing to sanitize user input. This may allow a remote attacker to inject arbitrary commands.

RubySec

CVE-2014-2322 (Arabic-Prawn): Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories