CVE-2013-1948 - converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrar

CVE-2013-1948

Summary

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

References

http://osvdb.org/92290
http://vapid.dhs.org/advisories/md2pdf-remote-exec.html
http://www.securityfocus.com/bid/59061
https://exchange.xforce.ibmcloud.com/vulnerabilities/83416

Vulnerable Configurations

cpe:2.3:a:rob_westgeest:md2pdf:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rob_westgeest:md2pdf:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	59061
misc	http://vapid.dhs.org/advisories/md2pdf-remote-exec.html
osvdb	92290
xf	md2pdf-cve20131948-command-exec(83416)

Last major update

29-08-2017 - 01:33

Published

25-04-2013 - 23:55

Last modified

29-08-2017 - 01:33