Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00ZnZnLXB3djctdjU0Z84AAZ5y

Karteek Docsplit vulnerable to OS Command Injection

The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.

Permalink: https://github.com/advisories/GHSA-4fvg-pwv7-v54g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00ZnZnLXB3djctdjU0Z84AAZ5y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago


EPSS Percentage: 0.00294
EPSS Percentile: 0.69541

Identifiers: GHSA-4fvg-pwv7-v54g, CVE-2013-1933
References: Blast Radius: 1.0

Affected Packages

rubygems:karteek-docsplit
Affected Version Ranges: <= 0.5.4
No known fixed version