Description
pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-9fh3-j99m-f4v7 | Code injection in pdf_info |
References
History
Thu, 13 Mar 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-78 | |
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-03-13T19:40:15.624Z
Reserved: 2022-07-18T00:00:00.000Z
Link: CVE-2022-36231
Updated: 2024-08-03T10:00:04.268Z
Status : Modified
Published: 2023-02-23T22:15:11.117
Modified: 2026-06-17T04:53:05.377
Link: CVE-2022-36231
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- NVD-CWE-noinfo
Github GHSA