CVE-2019-10780

moderate-risk
Published 2020-01-22

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.

Do I need to act?

~
2.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 3a3224201aed65e9ccbc2d2e8bbaec3c6789ed6f
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Bibtex-Ruby

Affected Vendors

Bibtex-Ruby Project

References (2)

Exploit https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602
Exploit https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal