The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2013-04-25 23:55
Updated : 2024-02-04 18:16
NVD link : CVE-2013-1933
Mitre link : CVE-2013-1933
CVE.ORG link : CVE-2013-1933
JSON object : View
Products Affected
ruby-lang
- ruby
documentcloud
- karteek-docsplit
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')