GHSA-rhwx-hjx2-x4qr

Source
https://github.com/advisories/GHSA-rhwx-hjx2-x4qr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-rhwx-hjx2-x4qr/GHSA-rhwx-hjx2-x4qr.json
Aliases
  • CVE-2022-25765
Published
2022-09-10T00:00:32Z
Modified
2024-02-19T05:23:14.114042Z
Details

The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized.

Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2.

References

Affected packages

RubyGems / pdfkit

Package

Name
pdfkit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.8.7.2

Affected versions

0.*

0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.2.3
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.6.1
0.6.2
0.7.0
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.4.1
0.8.4.2
0.8.4.3.1
0.8.4.3.2
0.8.5
0.8.6
0.8.7
0.8.7.1