Vulnerability	Vulnerable Version
C Command Injection rebber is a package that Stringifies MDAST to LaTeX. Affected versions of this package are vulnerable to Command Injection. The reported problem came from CodeBlocks, which could be escaped to insert malicious LaTeX. Anyone using `rebber` without sanitization of code content or a custom macro is impacted by this vulnerability. PoC ``` \end{CodeBlock} % Will insert into the generated LaTeX the result of executing `COMMAND` on the system. \immediate\write18{COMMAND > outputrce} \input{outputrce} \begin{CodeBlock}{text} ``` How to fix Command Injection? Upgrade `rebber` to version 5.2.1 or higher.	<5.2.1

Command Injection

rebber is a package that Stringifies MDAST to LaTeX.

Affected versions of this package are vulnerable to Command Injection. The reported problem came from CodeBlocks, which could be escaped to insert malicious LaTeX. Anyone using rebber without sanitization of code content or a custom macro is impacted by this vulnerability.

PoC

```
\end{CodeBlock}

% Will insert into the generated LaTeX the result of executing `COMMAND` on the system.
\immediate\write18{COMMAND > outputrce}
\input{outputrce}

\begin{CodeBlock}{text}
```

How to fix Command Injection?

Upgrade rebber to version 5.2.1 or higher.

<5.2.1

Go back to all versions of this package