CVE-2022-44544

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-44544
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44544.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-44544
Published
2022-11-06T17:15:10.220Z
Modified
2026-03-14T11:57:21.691563Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type
GIT
Repo
https://github.com/maharaproject/mahara
Events
Introduced
359597b32c7afe52339422a91f14256e17b33dfc
Fixed
a565484c674358c4991d37d263565f4e96ed19f5
Introduced
9b0da78a1f8585b142a372d422bf5d9a36e1450d
Fixed
651004442934136c32cadc4a4658405a7e24a865
Introduced
9502dd8e97405dec1b1c5f22ac3e516504f910e5
Fixed
bb4b41aba3d2a910ea354492dfb95cba3f398642
Database specific 
{
    "versions": [
        {
            "introduced": "21.04.0"
        },
        {
            "fixed": "21.04.7"
        },
        {
            "introduced": "21.10.0"
        },
        {
            "fixed": "21.10.5"
        },
        {
            "introduced": "22.04.0"
        },
        {
            "fixed": "22.04.3"
        }
    ]
}

Affected versions

21.*
21.04.0_RELEASE
21.04.1_RELEASE
21.04.2_RELEASE
21.04.3_RELEASE
21.04.4_RELEASE
21.04.5_RELEASE
21.04.6_RELEASE
21.10.0_RELEASE
21.10.1_RELEASE
21.10.2_RELEASE
21.10.3_RELEASE
21.10.4_RELEASE
22.*
22.04.0_RELEASE
22.04.1_RELEASE
22.04.2_RELEASE

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44544.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "22.10.0-rc1"
            }
        ]
    }
]