| { |
| "schema_version": "1.3.1", |
| "id": "GO-2022-1184", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2022-4643", |
| "GHSA-6m4h-hfpp-x8cx" |
| ], |
| "summary": "OS command injection vulnerability in code.sajari.com/docconv", |
| "details": "The manipulation of the argument path to docconv.{ConvertPDF,PDFHasImage} leads to os command injection.", |
| "affected": [ |
| { |
| "package": { |
| "name": "code.sajari.com/docconv", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "1.1.0" |
| }, |
| { |
| "fixed": "1.3.5" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "code.sajari.com/docconv", |
| "symbols": [ |
| "Convert", |
| "ConvertPDF", |
| "ConvertPages", |
| "ConvertPath", |
| "ConvertPathReadability", |
| "PDFHasImage" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/sajari/docconv/pull/110" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/sajari/docconv/releases/tag/v1.3.5" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://vuldb.com/?id.216502" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2022-1184", |
| "review_status": "REVIEWED" |
| } |
| } |