CVE-2013-1948 – Ruby Gem md2pdf Command Injection

https://notcve.org/view.php?id=CVE-2013-1948

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. converter.rb del md2pdf para Ruby v0.0.1 permite a atacantes dependientes de contexto para ejecutar comandos arbitrarios vía metacaracteres de shell en un nombre de archivo. Ruby Gem md2pdf suffers from a remote command injection vulnerability. • http://osvdb.org/92290 http://vapid.dhs.org/advisories/md2pdf-remote-exec.html http://www.securityfocus.com/bid/59061 https://exchange.xforce.ibmcloud.com/vulnerabilities/83416 •