CVE-2014-2322
Arabic Prawn 0.0.1 - Remote Code Execution via Shell Metacharacters in Downloaded File or URL
Title source: llmDescription
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/10/8
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/12/6
Scores
EPSS
0.0100
EPSS Percentile
77.2%
Details
Status
published
Products (2)
dynamixsolutions/arabic_prawn
0.0.1
rubygems/Arabic-Prawn
0RubyGems
Published
May 02, 2014
Tracked Since
Feb 18, 2026