BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-01-22T13:30:47
Updated: 2020-01-22T13:30:47
Reserved: 2019-04-03T00:00:00
Link: CVE-2019-10780
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-22T14:15:11.433
Modified: 2020-01-30T16:40:16.850
Link: CVE-2019-10780
JSON object: View
Redhat Information
No data.
CWE