Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-25765Command Injection in Project Pdfkit

CWE-77Command Injection7 documents5 sources
Severity
9.8CRITICALNVD
EPSS
88.8%
top 0.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Pdfkit Project PdfkitFedoraproject Fedora
Timeline
PublishedSep 9
Latest updateApr 6

Description

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5pdfkit_project/pdfkit0.0.0unspecified
RubyGemspdfkit_project/pdfkit< 0.8.7.2

Also affects: Fedora 35, 36, 37

🔴Vulnerability Details

2
GHSA
PDFKit vulnerable to Command Injection2022-09-10
OSV
PDFKit vulnerable to Command Injection2022-09-10

💥Exploits & PoCs

1
Exploit-DB
pdfkit v0.8.7.2 - Command Injection2023-04-06

📄Research Papers

3
CTF
medium / README
CTF
Precious / README
CTF
easy / README
CVE-2022-25765 — Command Injection in Project Pdfkit | cvebase