Question 1

What is CVE-2013-1933?

Accepted Answer

CVE-2013-1933 is a high-severity software vulnerability (OS command injection) with a CVSS score of 9.3. The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.

Question 2

Is CVE-2013-1933 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 2%.

Question 3

What products does CVE-2013-1933 affect?

Accepted Answer

Tracked products affected include Ruby. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2013-1933?

Accepted Answer

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2013-1933

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information