CVE-2022-36231 (pdf_info): Code injection in pdf_info

ADVISORIES

CVE-2022-36231 (NVD)
GHSA-9fh3-j99m-f4v7
Vendor Advisory

GEM

pdf_info

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

None.

DESCRIPTION

pdf_info 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used.

https://github.com/newspaperclub/pdf_info/issues/16
https://github.com/newspaperclub/pdf_info/pull/15

RubySec

CVE-2022-36231 (pdf_info): Code injection in pdf_info

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories