Code injection in pdf_info

GHSA-9fh3-j99m-f4v7 · CVE-2022-36231

Published Feb 24, 2023 · Modified Mar 13, 2025

Description

pdf_info 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-36231
WEB https://github.com/newspaperclub/pdf_info/issues/16
WEB https://github.com/newspaperclub/pdf_info/pull/15
WEB https://github.com/affix/CVE-2022-36231
PACKAGE https://github.com/newspaperclub/pdf_info
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pdf_info/CVE-2022-36231.yml
WEB https://rubygems.org/gems/pdf_info

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes