CVE-2022-44544

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-44544

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44544.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-44544

Published

2022-11-06T17:15:10.220Z

Modified

2025-11-20T12:10:46.002326Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type: GIT
Repo: https://github.com/maharaproject/mahara
Events: Introduced

359597b32c7afe52339422a91f14256e17b33dfc

Fixed

a565484c674358c4991d37d263565f4e96ed19f5

Affected versions

21.*

21.04.0_RELEASE

21.04.1_RELEASE

21.04.2_RELEASE

21.04.3_RELEASE

21.04.4_RELEASE

21.04.5_RELEASE

21.04.6_RELEASE

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44544.json"