Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00ZnZnLXB3djctdjU0Z84AAZ5y
Karteek Docsplit vulnerable to OS Command Injection
The extract_from_ocr
function in lib/docsplit/text_extractor.rb
in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00ZnZnLXB3djctdjU0Z84AAZ5y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
EPSS Percentage: 0.00294
EPSS Percentile: 0.69541
Identifiers: GHSA-4fvg-pwv7-v54g, CVE-2013-1933
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-1933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83277
- http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html
- http://www.openwall.com/lists/oss-security/2013/04/08/15
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/karteek-docsplit/CVE-2013-1933.yml
- https://github.com/advisories/GHSA-4fvg-pwv7-v54g
Affected Packages
rubygems:karteek-docsplit
Affected Version Ranges: <= 0.5.4No known fixed version