Lucene search
HistoryMay 02, 2014 - 2:55 p.m.
CVE-2014-2322
lib
string_utf_support
remote attackers
arbitrary commands
shell metacharacters
downloaded_file
url
security vulnerability
nvd
cve-2014-2322
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.022 Low
EPSS
Percentile
89.4%
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
Affected configurations
Node
dynamixsolutionsarabic_prawnMatch0.0.1ruby
| CPE | Name | Operator | Version |
|---|---|---|---|
| dynamixsolutions:arabic_prawn | dynamixsolutions arabic prawn | eq | 0.0.1 |
Related
github
github
cvelist
cvelist
CVE-2014-2322
2014-05-02 14:00:00
zdt
zdt
Ruby Gem Arabic Prawn 0.0.1 Command Injection Vulnerability
2014-03-13 00:00:00
gitlab
gitlab
Remote Command Injection
2014-05-02 00:00:00
packetstorm
packetstorm
Ruby Gem Arabic Prawn 0.0.1 Command Injection
2014-03-12 00:00:00
nvd
nvd
CVE-2014-2322
2014-05-02 14:55:07
osv
osv
prion
prion
Code injection
2014-05-02 14:55:00
securityvulns
securityvulns
Different Ruby gems security vulnerabilities
2014-05-04 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.022 Low
EPSS
Percentile
89.4%
Related for CVE-2014-2322