{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-25765","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","dateUpdated":"2024-09-16T16:47:50.441Z","dateReserved":"2022-02-24T00:00:00.000Z","datePublished":"2022-09-09T05:00:15.097Z"},"containers":{"cna":{"title":"Command Injection","datePublic":"2022-09-09T00:00:00.000Z","providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2023-04-06T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized."}],"affected":[{"vendor":"n/a","product":"pdfkit","versions":[{"version":"0.0.0","status":"affected","lessThan":"unspecified","versionType":"custom"}]}],"references":[{"url":"https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795"},{"url":"https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50"},{"url":"https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58"},{"name":"FEDORA-2022-6da143f1a2","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/"},{"name":"FEDORA-2022-3ec8272e72","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/"},{"name":"FEDORA-2022-c0d55cd527","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/"},{"url":"http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html"}],"credits":[{"lang":"en","value":"Benoit Côté-Jodoin"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","exploitCodeMaturity":"PROOF_OF_CONCEPT","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","baseScore":7.3,"temporalScore":6.9,"baseSeverity":"HIGH","temporalSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Command Injection"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T04:49:43.530Z"},"title":"CVE Program Container","references":[{"url":"https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795","tags":["x_transferred"]},{"url":"https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50","tags":["x_transferred"]},{"url":"https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58","tags":["x_transferred"]},{"name":"FEDORA-2022-6da143f1a2","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/"},{"name":"FEDORA-2022-3ec8272e72","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/"},{"name":"FEDORA-2022-c0d55cd527","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/"},{"url":"http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html","tags":["x_transferred"]}]}]}}