GHSA-pwjq-fx3v-8f9r

Source

https://github.com/advisories/GHSA-pwjq-fx3v-8f9r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-pwjq-fx3v-8f9r/GHSA-pwjq-fx3v-8f9r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pwjq-fx3v-8f9r

Aliases

CVE-2025-31692

Published

2025-04-01T00:30:35Z

Modified

2025-04-02T18:12:09.993795Z

Severity

4.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Drupal AI Vulnerable to OS Command Injection via Optional Automator Types

Details

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

Database specific

{
    "nvd_published_at": "2025-03-31T22:15:21Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-02T17:14:06Z"
}

References

Affected packages

Packagist / drupal/ai

Package

Name: drupal/ai
Purl: pkg:composer/drupal/ai

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.5