Ruby-Lang: >> Ruby >> 2.1.1 Security Vulnerabilities
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
CVSS Score
9.3
EPSS Score
0.028
Published
2013-04-25
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
CVSS Score
9.3
EPSS Score
0.02
Published
2013-04-25
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
CVSS Score
10.0
EPSS Score
0.017
Published
2013-04-25
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
CVSS Score
6.8
EPSS Score
0.005
Published
2013-04-03
Page 4