BugTraq
Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Mar 12 2014 12:38PM
Larry W. Cashdollar (larry0 me com)
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem

Author: Larry W. Cashdollar, @_larry0

Download Site: http://rubygems.org/gems/Arabic-Prawn

CVE: 2014-2322
Date: 12/17/2013

In Arabic-Prawn-0.0.1/lib/string_utf_support.rb, the following lines pass unsanitized input to the shell.

426...
