Unsanitized String Vulnerability in PDFKit <= 0.5.2
There is a vulnerability in PDFKit <= 0.5.2 that puts applications
at risk of Remote Code Execution through improperly escaped
strings. This vulnerability has been given the CVE identifier CVE-2013-1607.
Versions Affected: 0.5.2 and all earlier versions
Not affected: 0.5.3
Impact
If developers allow users to set parameters for the generation of
a PDF, an attacker can execute shell code via PDFKit generation
options.
A vulnerable application may look like the following:
html = '<html><head><title>Foo</title></head><body>Anything</body></html>'
PDFKit.new(html, :page_size => params[:page_size]).to_pdf
All users on versions of PDFKit prior to 0.5.2 should upgrade to
0.5.3 immediately.
Releases
The 0.5.3 release is available via RubyGems and GitHub.
Workarounds
Sanitize user-provided arguments to PDFKit prior to the generation
of a PDF:
require 'shellwords'  # provides String#shellescape
params[:page_size].shellescape
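The following is an added example, not part of the original advisory and not PDFKit's own code. It models a command line built from an options hash, without executing anything, and compares string interpolation with escaping and with an allowlist. The `renderer` program name, the helper names, the allowlist contents and the sample input are all assumptions constructed for illustration.

```ruby
require 'shellwords'

# Hypothetical allowlist; list only the page sizes your application offers.
ALLOWED_PAGE_SIZES = %w[A3 A4 A5 Letter Legal].freeze

# Simplified model of the flawed pattern: option values are interpolated
# straight into one command string ("renderer" is a placeholder name).
def unsafe_command(options)
  args = options.map { |key, value| "--#{key.to_s.tr('_', '-')} #{value}" }
  "renderer #{args.join(' ')} - -"
end

# Same command, but every element is shell-escaped before joining.
def escaped_command(options)
  args = options.flat_map { |key, value| ["--#{key.to_s.tr('_', '-')}", value.to_s] }
  (['renderer'] + args + ['-', '-']).shelljoin
end

# Preferred for enumerable options: accept known values, otherwise fall back.
def safe_page_size(value, default = 'Letter')
  ALLOWED_PAGE_SIZES.include?(value) ? value : default
end

# Word-split a command the way a POSIX shell would, without running it.
# A real shell would additionally treat ';' as a command separator.
def parsed_arguments(command)
  Shellwords.split(command)
end

# Constructed sample input standing in for params[:page_size].
sample = 'Letter; echo INJECTED'

puts parsed_arguments(unsafe_command(page_size: sample)).inspect
puts parsed_arguments(escaped_command(page_size: sample)).inspect
puts safe_page_size(sample)
```

With the escaped form the whole user value stays a single argument to the program; with the interpolated form it spills into extra words that the shell is free to interpret.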
Credits
Thank you to Hans-Martin Münch (it.sec, GmbH & Co. KG) for the report.