*Note: Email address will appear as "user domain ext" to prevent harvesting.
Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem
Mar 12 2014 12:38PM
Larry W. Cashdollar (larry0 me com)
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem
Author: Larry W. Cashdollar, @_larry0
Download Site: http://rubygems.org/gems/Arabic-Prawn
In Arabic-Prawn-0.0.1/lib/string_utf_support.rb, the following lines pass unsanitized input to the shell.
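The gem's affected lines are not reproduced on this page, so the following is an added illustration of the bug class and its fix, not code from the advisory or from Arabic-Prawn. The helper names, the `printf` command and the sample input are all assumptions constructed for the example.

```ruby
require "open3"
require "shellwords"

# Hypothetical helper (NOT the gem's code): caller input is interpolated into
# one command string, so /bin/sh parses any metacharacters the input contains.
def render_unsafe(text)
  `printf '%s\\n' #{text}`
end

# Hardened form 1: argv-style invocation. With more than one argument no shell
# is started, and `text` reaches the program as exactly one argument.
def render_argv(text)
  out, status = Open3.capture2("printf", "%s\n", text)
  raise "printf failed: #{status.exitstatus}" unless status.success?
  out
end

# Hardened form 2: when a shell string cannot be avoided, quote every
# untrusted value with Shellwords.escape before interpolating it.
def render_escaped(text)
  `printf '%s\\n' #{Shellwords.escape(text)}`
end

# Constructed sample input containing a shell command separator.
SAMPLE_INPUT = "report; echo INJECTED"

if __FILE__ == $PROGRAM_NAME
  puts "unsafe : #{render_unsafe(SAMPLE_INPUT).inspect}"
  puts "argv   : #{render_argv(SAMPLE_INPUT).inspect}"
  puts "escaped: #{render_escaped(SAMPLE_INPUT).inspect}"
end
```

In the unsafe form the shell runs the text after `;` as a second command; in both hardened forms the whole input is returned as literal data.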
Copyright 2010, SecurityFocus