Sha256: 001e8156565d693222a5ca1c33069fd97a77403d6ed4bd0119d77d651fd609f1

Contents?: true

Size: 522 Bytes

Versions: 9

Compression:

Stored size: 522 Bytes

Contents

--- 
gem: md2pdf
cve: 2013-1948
osvdb: 92290
url: http://osvdb.org/show/osvdb/92290
title: md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
date: 2013-04-13
description: md2pdf Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands
cvss_v2: 10.0
patched_versions:

Version data entries

9 entries across 9 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml