CVE-2013-1948: Remote command injection

April 25, 2013 (updated August 28, 2017)

In md2pdf/converter.rb we see user supplied input being passed to the command line without proper sanitization.

References

vapid.dhs.org/advisories/md2pdf-remote-exec.html

Detect and mitigate CVE-2013-1948 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →