Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/302668 | Third Party Advisory US Government Resource |
Configurations
Information
Published : 2015-03-03 18:59
Updated : 2015-03-04 11:10
NVD link : CVE-2015-0934
Mitre link : CVE-2015-0934
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
sharelatex
- sharelatex