CVE-2013-1933

The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:documentcloud:karteek-docsplit:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-04-25 23:55

Updated : 2024-02-04 18:16


NVD link : CVE-2013-1933

Mitre link : CVE-2013-1933

CVE.ORG link : CVE-2013-1933


JSON object : View

Products Affected

ruby-lang

  • ruby

documentcloud

  • karteek-docsplit
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')