CVE-2022-25765

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58	Third Party Advisory
https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pdfkit_project:pdfkit:*:*:*:*:*:ruby:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

History

07 Nov 2023, 03:44

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/', 'name': 'FEDORA-2022-3ec8272e72', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/', 'name': 'FEDORA-2022-6da143f1a2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/', 'name': 'FEDORA-2022-c0d55cd527', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/ -

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-77~~	NVD-CWE-Other

06 Apr 2023, 17:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html -

20 Jan 2023, 03:15

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fedoraproject:fedora:37:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/ - Mailing List, Third Party Advisory

14 Nov 2022, 15:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/ -

07 Nov 2022, 19:18

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::*
First Time		Fedoraproject Fedoraproject fedora
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/ - Mailing List, Third Party Advisory

11 Oct 2022, 13:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/ -

10 Sep 2022, 03:53

Type	Values Removed	Values Added
References	~~(CONFIRM) https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50 -~~	(CONFIRM) https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50 - Third Party Advisory
References	~~(CONFIRM) https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58 -~~	(CONFIRM) https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58 - Third Party Advisory
References	~~(CONFIRM) https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795 -~~	(CONFIRM) https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795 - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:pdfkit_project:pdfkit::::::ruby::*
First Time		Pdfkit Project Pdfkit Project pdfkit
CWE		CWE-77

09 Sep 2022, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-09 05:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-25765

Mitre link : CVE-2022-25765

CVE.ORG link : CVE-2022-25765

JSON object : View

Products Affected

pdfkit_project

pdfkit

fedoraproject

fedora

CWE

NVD-CWE-Other

9.8 /10