Advisories for Gem/Karteek-Docsplit package

2013

Remote Command Injection

User-supplied input isn't sanitized against shell metacharacters and is fed directly to the shell. If a user is tricked into extracting a file with shell metacharacters, arbitrary code can be executed remotely.
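
The pattern described above, next to two hardened forms. This is an added example, not code from the Docsplit gem: `printf` stands in for the external extraction tool, and the function names and the sample file name are assumptions made for illustration.

```ruby
require "open3"
require "shellwords"

# Constructed sample input: a file name carrying a shell metacharacter (;).
# The trailing command is a harmless echo that only serves as a visible marker.
SAMPLE_NAME = "report.pdf; echo INJECTED"

# Vulnerable pattern: the input is interpolated into one command string.
# Ruby passes a single string containing metacharacters to /bin/sh,
# so the shell splits it at ';' and runs the second command as well.
def extract_unsafe(name)
  out, _status = Open3.capture2("printf 'arg=[%s]\\n' #{name}")
  out
end

# Hardened form 1: pass the program and each argument separately.
# No shell is involved, so the name reaches the tool as one literal argument.
def extract_argv(name)
  out, _status = Open3.capture2("printf", "arg=[%s]\n", name)
  out
end

# Hardened form 2: when a shell string cannot be avoided,
# escape every untrusted value with Shellwords.escape before interpolating it.
def extract_escaped(name)
  out, _status = Open3.capture2("printf 'arg=[%s]\\n' #{Shellwords.escape(name)}")
  out
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe : #{extract_unsafe(SAMPLE_NAME).inspect}"
  puts "argv   : #{extract_argv(SAMPLE_NAME).inspect}"
  puts "escaped: #{extract_escaped(SAMPLE_NAME).inspect}"
end
```

The argument-vector form is the preferred fix because it removes the shell from the call path entirely; escaping is a fallback for code that must build a shell string.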