Title: Remote Command Injection in Creme Fraiche 0.6 Ruby Gem
The following lines pass unsanitized user input directly to a shell command. A malicious email attachment whose file name consists of shell metacharacters could inject commands into the shell.

If the attacker is allowed to specify a filename (via a web GUI), commands could be injected that way as well.

# file names taken from the attachment are interpolated into one command string
cmd = "pdftk %s updateinfo %s output %s" % [pdf, infofile, tfile]
@log.debug('pdftk-command is ' << cmd)
# a single string containing shell metacharacters is handed to /bin/sh, so the
# names are parsed by the shell rather than passed to pdftk as plain arguments
pdftkresult = system(cmd)
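As an added illustration (not code from the gem), the vulnerable string form beside the argument-vector form that never invokes a shell, plus a filename allow-list check; `HOSTILE_NAME`, `pdftk_argv`, `safe_attachment_name?` and `argv_passes_literally` are names assumed here, and pdftk itself is not needed to run it (a Ruby child process stands in for the target binary).

```ruby
require "open3"
require "rbconfig"

# Constructed sample: an attachment name carrying shell metacharacters.
# In the single-string form, "; touch /tmp/pwned" would run as a second command.
HOSTILE_NAME = "report.pdf; touch /tmp/pwned".freeze

# Vulnerable shape (as in the gem): one string, which Ruby hands to /bin/sh
# whenever it contains shell metacharacters.
def pdftk_command_string(pdf, infofile, tfile)
  "pdftk %s updateinfo %s output %s" % [pdf, infofile, tfile]
end

# Hardened shape: an argument vector. Kernel#system and Open3 with several
# arguments exec the program directly, so no shell ever parses the names.
def pdftk_argv(pdf, infofile, tfile)
  ["pdftk", pdf, "updateinfo", infofile, "output", tfile]
end

# Defence in depth: only accept bare file names made of a conservative
# character set, starting with an alphanumeric (rejects paths, "..", and
# names that a tool could read as an option).
def safe_attachment_name?(name)
  File.basename(name) == name && name.match?(/\A[A-Za-z0-9][\w.\-]*\z/)
end

# Shows that the argv form delivers a hostile name literally: a Ruby child
# process prints its first argument back unchanged, with nothing executed.
def argv_passes_literally(name)
  out, _status = Open3.capture2(RbConfig.ruby, "-e", "print ARGV[0]", name)
  out
end

# How the gem's call site would look with both fixes applied (assumed name).
def run_pdftk(pdf, infofile, tfile)
  names = [pdf, infofile, tfile]
  raise ArgumentError, "unsafe file name" unless names.all? { |n| safe_attachment_name?(n) }
  system(*pdftk_argv(pdf, infofile, tfile))
end
```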