id: GO-2022-1184
modules:
    - module: code.sajari.com/docconv
      versions:
        - introduced: 1.1.0
        - fixed: 1.3.5
      vulnerable_at: 1.3.4
      packages:
        - package: code.sajari.com/docconv
          symbols:
            - PDFHasImage
            - ConvertPDF
          derived_symbols:
            - Convert
            - ConvertPages
            - ConvertPath
            - ConvertPathReadability
summary: OS command injection vulnerability in code.sajari.com/docconv
description: |-
    The manipulation of the argument path to docconv.{ConvertPDF,PDFHasImage} leads
    to OS command injection.
cves:
    - CVE-2022-4643
ghsas:
    - GHSA-6m4h-hfpp-x8cx
references:
    - fix: https://github.com/sajari/docconv/pull/110
    - web: https://github.com/sajari/docconv/releases/tag/v1.3.5
    - fix: https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5
    - web: https://vuldb.com/?id.216502
review_status: REVIEWED