Vulnerabilities > CVE-2014-2322 - Unspecified vulnerability in Dynamixsolutions Arabic Prawn 0.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/125679/arabicprawn-inject.txt |
id | PACKETSTORM:125679 |
last seen | 2016-12-05 |
published | 2014-03-12 |
reporter | Larry W. Cashdollar |
source | https://packetstormsecurity.com/files/125679/Ruby-Gem-Arabic-Prawn-0.0.1-Command-Injection.html |
title | Ruby Gem Arabic Prawn 0.0.1 Command Injection |