CVE-2022-25765
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
Summary
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | pdfkit | 0.0.0 < unspecified | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
- https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
- https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
- http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
References
- https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
- https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
- https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
- http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.