Vulnerability Details CVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.891
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 7.3
References
- http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
- https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
- https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
- https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
- http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
- https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
- https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
- https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
Products affected by CVE-2022-25765
-
cpe:2.3:a:pdfkit_project:pdfkit:0.1.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.1.1
-
cpe:2.3:a:pdfkit_project:pdfkit:0.2.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.2.1
-
cpe:2.3:a:pdfkit_project:pdfkit:0.2.2
-
cpe:2.3:a:pdfkit_project:pdfkit:0.2.3
-
cpe:2.3:a:pdfkit_project:pdfkit:0.3.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.3.2
-
cpe:2.3:a:pdfkit_project:pdfkit:0.3.3
-
cpe:2.3:a:pdfkit_project:pdfkit:0.4.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.4.1
-
cpe:2.3:a:pdfkit_project:pdfkit:0.4.2
-
cpe:2.3:a:pdfkit_project:pdfkit:0.4.3
-
cpe:2.3:a:pdfkit_project:pdfkit:0.4.4
-
cpe:2.3:a:pdfkit_project:pdfkit:0.4.5
-
cpe:2.3:a:pdfkit_project:pdfkit:0.4.6
-
cpe:2.3:a:pdfkit_project:pdfkit:0.5.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.5.1
-
cpe:2.3:a:pdfkit_project:pdfkit:0.5.2
-
cpe:2.3:a:pdfkit_project:pdfkit:0.5.3
-
cpe:2.3:a:pdfkit_project:pdfkit:0.5.4
-
cpe:2.3:a:pdfkit_project:pdfkit:0.6.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.6.1
-
cpe:2.3:a:pdfkit_project:pdfkit:0.6.2
-
cpe:2.3:a:pdfkit_project:pdfkit:0.7.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.8.0
-
cpe:2.3:a:pdfkit_project:pdfkit:0.8.1
-
cpe:2.3:a:pdfkit_project:pdfkit:0.8.2
-
cpe:2.3:a:pdfkit_project:pdfkit:0.8.3
-
cpe:2.3:a:pdfkit_project:pdfkit:0.8.4
-
cpe:2.3:a:pdfkit_project:pdfkit:0.8.4.1
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37