GO-2022-1184 OS command injection vulnerability in code.sajari.com/docconv

The manipulation of the argument path to docconv.ConvertPDF,PDFHasImage leads to os command injection...

Remote Code Execution

github.com/sajari/docconv is vulnerable to remote code execution. Lack of proper checking of exec.Command in PDFHasImage function of the file pdfocr.go allows an attacker to upload and execute malicious code on the system under attack...