RubySec

Providing security resources for the Ruby community

CVE-2019-10780 (bibtex-ruby): OS command injection in BibTeX-Ruby

ADVISORIES

GEM

bibtex-ruby

SEVERITY

CVSS v3: 9.8

PATCHED VERSIONS

  • >= 5.1.0

DESCRIPTION

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.