CVE-2022-25765: Improper Neutralization of Special Elements used in a Command ('Command Injection')

September 9, 2022 (updated November 7, 2023)

The package pdfkit from 0.0.0 is vulnerable to Command Injection where the URL is not properly sanitized.

References

github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
nvd.nist.gov/vuln/detail/CVE-2022-25765
security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795

Detect and mitigate CVE-2022-25765 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →