9.8
CVE-2022-25765
- EPSS 39.39%
- Veröffentlicht 09.09.2022 05:15:07
- Zuletzt bearbeitet 21.11.2024 06:52:57
- CVE-Watchlists
- Unerledigt
Command Injection
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pdfkit Project ≫ Pdfkit SwPlatformruby Version >= 0.0.0
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
Fedoraproject ≫ Fedora Version37
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 39.39% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| report@snyk.io | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795