CVE-2020-37012: Php Latex Shell Escape Rce
LaTeX (latex/pdflatex/xelatex/lualatex) is being invoked with the `-shell-escape` flag. This flag enables LaTeX's `\write18{...}` and `\input{|"cmd"}` shell-execution primitives, which pass their arguments directly to /bin/sh. If the .tex document being compiled contains any untrusted input (e.g., HTTP request body, user-uploaded file, database field), this
greprules fetch cve-2020-37012-php-latex-shell-escape-rce --engine opengrepDescription
LaTeX (latex/pdflatex/xelatex/lualatex) is being invoked with the `-shell-escape` flag. This flag enables LaTeX's `\write18{...}` and `\input{|"cmd"}` shell-execution primitives, which pass their arguments directly to /bin/sh. If the .tex document being compiled contains any untrusted input (e.g., HTTP request body, user-uploaded file, database field), this
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.