CVE-2022-36231

Published February 23rd, 2023

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

3

PROJECTS

Description

pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.

Wraps the pdfinfo command line tool to provide a hash of metadata

RubyGems

60.1K

newspaperclub/pdf_info

Ruby wrapper for the pdfinfo unix tool.

GitHub

10

affix/CVE-2022-36231

pdf_info <= 0.5.3 OS Command Injection

GitHub

5