Related vulnerabilities
GSD-2014-2322
Vulnerability from gsd - Updated: 2014-03-10 00:00
Details
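The Arabic Prawn gem for Ruby contains a flaw in the lib/string_utf_support.rb
file. The program fails to sanitize user input before passing it to the shell, so
shell metacharacters in the downloaded_file or url variable may allow a remote
attacker to inject arbitrary commands. The record below lists no fixed version:
the GitLab advisory entry marks all versions as affected, while the NVD entry
names only version 0.0.1.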
Aliases
{
"GSD": {
"alias": "CVE-2014-2322",
"description": "lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.",
"id": "GSD-2014-2322",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2014-2322"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "Arabic-Prawn",
"purl": "pkg:gem/Arabic-Prawn"
}
}
],
"aliases": [
"CVE-2014-2322",
"OSVDB-104365"
],
"details": "Arabic Prawn Gem for Ruby contains a flaw in the lib/string_utf_support.rb\nfile. The issue is due to the program failing to sanitize user input. This may\nallow a remote attacker to inject arbitrary commands.\n",
"id": "GSD-2014-2322",
"modified": "2014-03-10T00:00:00.000Z",
"published": "2014-03-10T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2322"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V2"
}
],
"summary": "Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html"
},
{
"name": "[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/10/8"
},
{
"name": "[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/12/6"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-2322",
"cvss_v2": 7.5,
"date": "2014-03-10",
"description": "Arabic Prawn Gem for Ruby contains a flaw in the lib/string_utf_support.rb\nfile. The issue is due to the program failing to sanitize user input. This may\nallow a remote attacker to inject arbitrary commands.\n",
"gem": "Arabic-Prawn",
"osvdb": 104365,
"title": "Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2322"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e0.0.0",
"affected_versions": "All versions",
"credit": "Larry W. Cashdollar, @_larry0 ",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2014-05-05",
"description": "Unsanitized input is passed to the shell. A malicious user can inject shell commands by sending shell meta characters like \u0027;\u0027 in some variables.",
"fixed_versions": [],
"identifier": "CVE-2014-2322",
"identifiers": [
"CVE-2014-2322"
],
"package_slug": "gem/Arabic-Prawn",
"pubdate": "2014-05-02",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Remote Command Injection",
"urls": [],
"uuid": "edb19b4d-718a-4d4b-b73b-540349d65fd3"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dynamixsolutions:arabic_prawn:0.0.1:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2322"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2014/03/12/6"
},
{
"name": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html"
},
{
"name": "[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/10/8"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2014-05-05T13:47Z",
"publishedDate": "2014-05-02T14:55Z"
}
}
}