CVE-2013-1933
karteek-docsplit 0.5.4 - OS Command Injection via PDF Filename
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
References (4)
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92117
Various Sources x_refsource_misc
http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83277
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/08/15
Scores
EPSS
0.0284
EPSS Percentile
86.4%
Details
CWE
CWE-78
Status
published
Products (2)
documentcloud/karteek-docsplit
0.5.4
rubygems/karteek-docsplit
0 RubyGems
Published
Apr 25, 2013
Tracked Since
Feb 18, 2026