Vulnerabilities > Sharelatex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-04 | CVE-2015-0934 | Command Injection vulnerability in Sharelatex 0.1.2 Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | 6.5 |
| 2015-03-04 | CVE-2015-0933 | Path Traversal vulnerability in Sharelatex 0.1.2 Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. | 3.5 |