Related vulnerabilities
GSD-2013-1607
Vulnerability from gsd - Updated: 2013-02-21 00:00
Details
The PDFKit gem for Ruby does not properly validate input when handling the parameters used to generate PDF files. A remote attacker may be able to execute arbitrary code via the pdfkit generation options. The record below lists all versions before 0.5.3 as affected; the stated solution is to upgrade to version 0.5.3 or above.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-1607",
"description": "Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability",
"id": "GSD-2013-1607"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "pdfkit",
"purl": "pkg:gem/pdfkit"
}
}
],
"aliases": [
"CVE-2013-1607",
"OSVDB-90867"
],
"details": "PDFKit Gem for Ruby contains a flaw that is due to the program failing to properly validate input during the handling of parameters when generating PDF files. This may allow a remote attacker to potentially execute arbitrary code via the pdfkit generation options.",
"id": "GSD-2013-1607",
"modified": "2013-02-21T00:00:00.000Z",
"published": "2013-02-21T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1607"
}
],
"schema_version": "1.4.0",
"summary": "PDFKit Gem for Ruby PDF File Generation Parameter Handling Remote Code Execution"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82563",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82563"
},
{
"name": "https://www.securityfocus.com/bid/58303/info",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/58303/info"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-1607",
"date": "2013-02-21",
"description": "PDFKit Gem for Ruby contains a flaw that is due to the program failing to properly validate input during the handling of parameters when generating PDF files. This may allow a remote attacker to potentially execute arbitrary code via the pdfkit generation options.",
"gem": "pdfkit",
"osvdb": 90867,
"patched_versions": [
"\u003e= 0.5.3"
],
"title": "PDFKit Gem for Ruby PDF File Generation Parameter Handling Remote Code Execution",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1607"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.5.3",
"affected_versions": "All versions before 0.5.3",
"credit": "Devin Walters",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2020-02-14",
"description": "Ruby PDFKit has a Code Execution Vulnerability",
"fixed_versions": [
"0.5.3"
],
"identifier": "CVE-2013-1607",
"identifiers": [
"CVE-2013-1607"
],
"not_impacted": "All versions starting from 0.5.3",
"package_slug": "gem/pdfkit",
"pubdate": "2020-02-11",
"solution": "Upgrade to version 0.5.3 or above.",
"title": "PDF File Generation Parameter Handling Remote Code Execution",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2013-1607",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/82563",
"https://www.securityfocus.com/bid/58303/info",
"https://github.com/pdfkit/pdfkit/commit/ce37ffcdb223b34dd215971e2cd365e3a66cb5f1"
],
"uuid": "55ec1e18-e155-498a-98c5-9de763a9bf02"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pdfkit_project:pdfkit:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "0.5.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1607"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82563",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82563"
},
{
"name": "https://www.securityfocus.com/bid/58303/info",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/58303/info"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-02-14T18:17Z",
"publishedDate": "2020-02-11T18:15Z"
}
}
}