Ruby/bibtex-ruby/4.3.0
BibTeX-Ruby is the Rubyist's swiss-army-knife for all things BibTeX. It includes a parser for all common BibTeX objects (@string, @preamble, @comment and regular entries) and a sophisticated name parser that tokenizes correctly formatted names; BibTeX-Ruby recognizes BibTeX string replacements, joins values containing multiple strings or variables, supports cross-references, and decodes common LaTeX formatting instructions to unicode; if you are in a hurry, it also allows for easy export/conversion to formats such as YAML, JSON, CSL, and XML (BibTeXML).
https://rubygems.org/gems/bibtex-ruby
GPL-3.0-only
2 Security Vulnerabilities
BibTeX-Ruby vulnerable to OS command injection
Published date: 2020-02-14T23:10:01Z
CVE: CVE-2019-10780
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10780
- https://github.com/advisories/GHSA-c5r5-7pfh-6qg6
- https://github.com/inukshuk/bibtex-ruby/commit/14406f4460f4e1ecabd25ca94f809b3ea7c5fb11
- https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bibtex-ruby/CVE-2019-10780.yml
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.
Affected versions:
["5.0.1", "5.0.0", "4.4.7", "4.4.6", "4.4.5", "4.4.4", "4.4.3", "4.4.2", "4.4.1", "4.4.0", "4.3.0", "4.2.0", "4.1.2", "4.1.1", "4.1.0", "4.0.16", "4.0.15", "4.0.14", "4.0.13", "4.0.12", "4.0.11", "4.0.10", "4.0.9", "4.0.8", "4.0.7", "4.0.6", "4.0.5", "4.0.4", "4.0.3", "4.0.2", "4.0.1", "4.0.0", "3.1.6", "3.1.5", "3.1.4", "3.1.3", "3.1.2", "3.1.1", "3.1.0", "3.0.1", "3.0.0", "2.3.4", "2.3.3", "2.3.2", "2.3.1", "2.3.0", "2.2.2", "2.2.1", "2.2.0", "2.1.2", "2.1.1", "2.1.0", "2.0.12", "2.0.11", "2.0.10", "2.0.9", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0pre1", "1.3.12", "1.3.11", "1.3.10", "1.3.9", "1.3.8", "1.3.7", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.2.1", "1.2.0", "1.1.2", "1.1.1", "1.1.0", "1.0.0"]
Secure versions:
[5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.1.6, 6.0.0, 6.1.0]
Recommendation:
Update to version 6.1.0.
OS command injection in BibTeX-Ruby
Published date: 2020-02-14
CVE: 2019-10780
CVSS V3: 9.8
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.
Affected versions:
["5.0.1", "5.0.0", "4.4.7", "4.4.6", "4.4.5", "4.4.4", "4.4.3", "4.4.2", "4.4.1", "4.4.0", "4.3.0", "4.2.0", "4.1.2", "4.1.1", "4.1.0", "4.0.16", "4.0.15", "4.0.14", "4.0.13", "4.0.12", "4.0.11", "4.0.10", "4.0.9", "4.0.8", "4.0.7", "4.0.6", "4.0.5", "4.0.4", "4.0.3", "4.0.2", "4.0.1", "4.0.0", "3.1.6", "3.1.5", "3.1.4", "3.1.3", "3.1.2", "3.1.1", "3.1.0", "3.0.1", "3.0.0", "2.3.4", "2.3.3", "2.3.2", "2.3.1", "2.3.0", "2.2.2", "2.2.1", "2.2.0", "2.1.2", "2.1.1", "2.1.0", "2.0.12", "2.0.11", "2.0.10", "2.0.9", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0pre1", "1.3.12", "1.3.11", "1.3.10", "1.3.9", "1.3.8", "1.3.7", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.2.1", "1.2.0", "1.1.2", "1.1.1", "1.1.0", "1.0.0"]
Secure versions:
[5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.1.6, 6.0.0, 6.1.0]
Recommendation:
Update to version 6.1.0.
94 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 6.1.0 | GPL-3.0-or-later | 2024-01-08 - 18:07 | 4 months | |
| 6.0.0 | GPL-3.0-only | 2021-01-07 - 10:51 | over 3 years | |
| 5.1.6 | GPL-3.0-only | 2020-12-02 - 14:37 | over 3 years | |
| 5.1.5 | GPL-3.0-only | 2020-10-14 - 09:00 | over 3 years | |
| 5.1.4 | GPL-3.0-only | 2020-04-14 - 10:07 | about 4 years | |
| 5.1.3 | GPL-3.0-only | 2020-04-06 - 13:44 | about 4 years | |
| 5.1.2 | GPL-3.0-only | 2020-02-27 - 19:11 | about 4 years | |
| 5.1.1 | GPL-3.0-only | 2020-01-17 - 15:07 | over 4 years | |
| 5.1.0 | GPL-3.0-only | 2020-01-17 - 14:57 | over 4 years | |
| 5.0.1 | GPL-3.0-only | 2 | 2019-11-18 - 15:25 | over 4 years |
| 5.0.0 | GPL-3.0-only | 2 | 2019-06-12 - 09:42 | almost 5 years |
| 4.4.7 | GPL-3.0-only | 2 | 2018-06-01 - 10:57 | almost 6 years |
| 4.4.6 | GPL-3.0-only | 2 | 2018-03-01 - 14:51 | about 6 years |
| 4.4.5 | GPL-3.0-only | 2 | 2018-01-15 - 20:42 | over 6 years |
| 4.4.4 | GPL-3.0-only | 2 | 2017-07-02 - 19:07 | almost 7 years |
| 4.4.3 | GPL-3.0-only | 2 | 2016-10-30 - 10:14 | over 7 years |
| 4.4.2 | GPL-3.0-only | 2 | 2016-07-15 - 10:12 | almost 8 years |
| 4.4.1 | GPL-3.0-only | 2 | 2016-07-13 - 21:04 | almost 8 years |
| 4.4.0 | GPL-3.0-only | 2 | 2016-05-14 - 18:49 | almost 8 years |
| 4.3.0 | GPL-3.0-only | 2 | 2016-03-24 - 13:19 | about 8 years |
| 4.2.0 | GPL-3.0-only | 2 | 2016-02-02 - 20:26 | about 8 years |
| 4.1.2 | GPL-3.0-only | 2 | 2016-01-08 - 09:20 | over 8 years |
| 4.1.1 | GPL-3.0-only | 2 | 2016-01-07 - 20:11 | over 8 years |
| 4.1.0 | GPL-3.0-only | 2 | 2015-12-09 - 11:41 | over 8 years |
| 4.0.16 | GPL-3.0-only | 2 | 2015-10-27 - 10:20 | over 8 years |
| 4.0.15 | GPL-3.0-only | 2 | 2015-10-04 - 18:29 | over 8 years |
| 4.0.14 | GPL-3.0-only | 2 | 2015-06-25 - 09:11 | almost 9 years |
| 4.0.13 | GPL-3.0-only | 2 | 2015-05-10 - 17:50 | almost 9 years |
| 4.0.12 | GPL-3.0-only | 2 | 2015-03-25 - 16:22 | about 9 years |
| 4.0.11 | GPL-3.0-only | 2 | 2015-03-02 - 11:24 | about 9 years |
| 4.0.10 | GPL-3.0-only | 2 | 2015-01-23 - 17:52 | over 9 years |
| 4.0.9 | GPL-3.0-only | 2 | 2015-01-20 - 13:09 | over 9 years |
| 4.0.8 | GPL-3.0-only | 2 | 2015-01-12 - 14:59 | over 9 years |
| 4.0.7 | GPL-3.0-only | 2 | 2015-01-12 - 14:39 | over 9 years |
| 4.0.6 | GPL-3.0-only | 2 | 2015-01-12 - 14:12 | over 9 years |
| 4.0.5 | GPL-3.0-only | 2 | 2014-11-28 - 16:30 | over 9 years |
| 4.0.4 | GPL-3.0-only | 2 | 2014-10-10 - 12:16 | over 9 years |
| 4.0.3 | GPL-3.0-only | 2 | 2014-07-23 - 08:36 | almost 10 years |
| 4.0.2 | GPL-3.0-only | 2 | 2014-07-10 - 10:59 | almost 10 years |
| 4.0.1 | GPL-3.0-only | 2 | 2014-07-10 - 10:05 | almost 10 years |
| 4.0.0 | GPL-3.0-only | 2 | 2014-07-08 - 11:03 | almost 10 years |
| 3.1.6 | GPL-3.0-only | 2 | 2014-06-17 - 08:46 | almost 10 years |
| 3.1.5 | GPL-3.0-only | 2 | 2014-03-25 - 14:15 | about 10 years |
| 3.1.4 | GPL-3.0-only | 2 | 2014-03-15 - 10:45 | about 10 years |
| 3.1.3 | GPL-3.0-only | 2 | 2014-02-10 - 13:29 | about 10 years |
| 3.1.2 | GPL-3.0-only | 2 | 2014-01-29 - 14:12 | about 10 years |
| 3.1.1 | GPL-3.0-only | 2 | 2014-01-20 - 14:15 | over 10 years |
| 3.1.0 | GPL-3.0-only | 2 | 2014-01-20 - 12:27 | over 10 years |
| 3.0.1 | GPL-3.0-only | 2 | 2013-12-30 - 16:52 | over 10 years |
| 3.0.0 | GPL-3.0-only | 2 | 2013-11-11 - 08:24 | over 10 years |
| 2.3.4 | GPL-3.0-only | 2 | 2013-08-22 - 15:02 | over 10 years |
| 2.3.3 | GPL-3.0-only | 2 | 2013-07-29 - 17:14 | over 10 years |
| 2.3.2 | GPL-3.0-only | 2 | 2013-06-08 - 10:22 | almost 11 years |
| 2.3.1 | GPL-3.0-only | 2 | 2013-04-07 - 10:59 | about 11 years |
| 2.3.0 | GPL-3.0-only | 2 | 2013-04-06 - 15:01 | about 11 years |
| 2.2.2 | GPL-3.0-only | 2 | 2013-01-15 - 09:43 | over 11 years |
| 2.2.1 | GPL-3.0-only | 2 | 2013-01-13 - 11:31 | over 11 years |
| 2.2.0 | GPL-3.0-only | 2 | 2012-12-02 - 11:47 | over 11 years |
| 2.1.2 | UNKNOWN | 2 | 2012-11-02 - 08:22 | over 11 years |
| 2.1.1 | UNKNOWN | 2 | 2012-09-14 - 11:01 | over 11 years |
| 2.1.0 | UNKNOWN | 2 | 2012-08-31 - 10:06 | over 11 years |
| 2.0.12 | UNKNOWN | 2 | 2012-06-28 - 12:25 | almost 12 years |
| 2.0.11 | UNKNOWN | 2 | 2012-05-23 - 10:53 | almost 12 years |
| 2.0.10 | UNKNOWN | 2 | 2012-05-15 - 11:43 | almost 12 years |
| 2.0.9 | UNKNOWN | 2 | 2012-05-15 - 11:39 | almost 12 years |
| 2.0.8 | UNKNOWN | 2 | 2012-05-11 - 10:20 | almost 12 years |
| 2.0.7 | UNKNOWN | 2 | 2012-04-30 - 11:49 | almost 12 years |
| 2.0.6 | UNKNOWN | 2 | 2012-04-30 - 11:34 | almost 12 years |
| 2.0.5 | UNKNOWN | 2 | 2012-04-19 - 13:45 | about 12 years |
| 2.0.4 | UNKNOWN | 2 | 2011-12-20 - 14:30 | over 12 years |
| 2.0.3 | UNKNOWN | 2 | 2011-12-13 - 09:03 | over 12 years |
| 2.0.2 | UNKNOWN | 2 | 2011-11-25 - 15:13 | over 12 years |
| 2.0.1 | UNKNOWN | 2 | 2011-10-20 - 09:15 | over 12 years |
| 2.0.0 | UNKNOWN | 2 | 2011-09-25 - 18:04 | over 12 years |
| 2.0.0pre1 | UNKNOWN | 2 | 2011-09-25 - 15:40 | over 12 years |
| 1.3.12 | UNKNOWN | 2 | 2011-09-06 - 08:49 | over 12 years |
| 1.3.11 | UNKNOWN | 2 | 2011-08-05 - 17:34 | over 12 years |
| 1.3.10 | UNKNOWN | 2 | 2011-07-16 - 10:02 | almost 13 years |
| 1.3.9 | UNKNOWN | 2 | 2011-07-05 - 12:45 | almost 13 years |
| 1.3.8 | UNKNOWN | 2 | 2011-07-05 - 11:31 | almost 13 years |
| 1.3.7 | UNKNOWN | 2 | 2011-06-30 - 17:00 | almost 13 years |
| 1.3.6 | UNKNOWN | 2 | 2011-06-11 - 12:58 | almost 13 years |
| 1.3.5 | UNKNOWN | 2 | 2011-06-07 - 16:51 | almost 13 years |
| 1.3.4 | UNKNOWN | 2 | 2011-06-07 - 13:53 | almost 13 years |
| 1.3.3 | UNKNOWN | 2 | 2011-06-06 - 14:36 | almost 13 years |
| 1.3.2 | UNKNOWN | 2 | 2011-05-21 - 11:42 | almost 13 years |
| 1.3.1 | UNKNOWN | 2 | 2011-05-14 - 21:16 | almost 13 years |
| 1.3.0 | UNKNOWN | 2 | 2011-05-12 - 20:25 | almost 13 years |
| 1.2.1 | UNKNOWN | 2 | 2011-04-06 - 08:37 | about 13 years |
| 1.2.0 | UNKNOWN | 2 | 2011-02-12 - 11:58 | about 13 years |
| 1.1.2 | UNKNOWN | 2 | 2011-01-27 - 13:25 | about 13 years |
| 1.1.1 | UNKNOWN | 2 | 2011-01-25 - 17:06 | about 13 years |
| 1.1.0 | UNKNOWN | 2 | 2011-01-24 - 13:42 | over 13 years |
| 1.0.0 | UNKNOWN | 2 | 2011-01-18 - 13:52 | over 13 years |