GHSA-9fh3-j99m-f4v7

Suggest an improvement
Source
https://github.com/advisories/GHSA-9fh3-j99m-f4v7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-9fh3-j99m-f4v7/GHSA-9fh3-j99m-f4v7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9fh3-j99m-f4v7
Aliases
Published
2023-02-24T00:30:17Z
Modified
2023-11-08T04:10:02.333856Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Code injection in pdf_info
Details

pdf_info 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used.

References

Affected packages

RubyGems / pdf_info

Package

Name
pdf_info
Purl
pkg:gem/pdf_info

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.5.3

Affected versions

0.*

0.1.0
0.2.0
0.3.0
0.3.1
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3