9.8

CVE-2022-25765

Exploit

Command Injection

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pdfkit ProjectPdfkit SwPlatformruby Version >= 0.0.0
FedoraprojectFedora Version35
FedoraprojectFedora Version36
FedoraprojectFedora Version37
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 39.39% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
report@snyk.io 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
Third Party Advisory
https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
Third Party Advisory
Exploit