CVE-2014-2322

lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
dynamixsolutionsarabic_prawn
0.0.1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2014/03/10/8
http://www.openwall.com/lists/oss-security/2014/03/12/6
http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html
http://www.openwall.com/lists/oss-security/2014/03/10/8
http://www.openwall.com/lists/oss-security/2014/03/12/6
http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html