Lucene search
K

75 matches found

Tenable Nessus
Tenable Nessus
added 2022/12/23 12:0 a.m.32 views

Fedora 36 : rubygem-pdfkit (2022-3ec8272e72)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3ec8272e72 advisory. Update to 0.8.7. This new release fixes CVE-2022-25765. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

9.8CVSS8.2AI score0.38924EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2022/12/22 12:0 a.m.41 views

Fedora 35 : rubygem-pdfkit (2022-6da143f1a2)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-6da143f1a2 advisory. Update to 0.8.7. This new release fixes CVE-2022-25765. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

9.8CVSS8.2AI score0.38924EPSS
Exploits11References2
GithubExploit
GithubExploit
added 2022/12/11 2:2 p.m.284 views

Exploit for CVE-2022-25765

CVE-2022-25765...

9.8CVSS9.5AI score0.38924EPSS
Exploits11
GithubExploit
GithubExploit
added 2022/12/04 9:0 p.m.5 views

Exploit for CVE-2022-25765

CVE-2022-25765-pdfkit-Exploit-Reverse-Shell pdfkit 0.8.6 c...

9.8CVSS8.2AI score0.38924EPSS
Exploits11
Fedora
Fedora
added 2022/11/10 10:49 p.m.63 views

[SECURITY] Fedora 37 Update: rubygem-pdfkit-0.8.7.2-1.fc37

Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...

9.8CVSS1.3AI score0.38924EPSS
Exploits11
OpenVAS
OpenVAS
added 2022/10/12 12:0 a.m.25 views

Fedora: Security Advisory for rubygem-pdfkit (FEDORA-2022-6da143f1a2)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.38924EPSS
Exploits11References2
OSV
OSV
added 2022/09/10 12:0 a.m.76 views

GHSA-RHWX-HJX2-X4QR PDFKit vulnerable to Command Injection

The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized. Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2...

9.8CVSS9.5AI score0.38924EPSS
Exploits11References14
Github Security Blog
Github Security Blog
added 2022/09/10 12:0 a.m.103 views

PDFKit vulnerable to Command Injection

The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized. Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2...

9.8CVSS3.4AI score0.38924EPSS
Exploits11References14Affected Software1
RubySec
RubySec
added 2022/09/10 12:0 a.m.39 views

PDFKit vulnerable to Command Injection

The package pdfkit from version 0.0.0 through version 0.8.6 is vulnerable to Command Injection where the URL is not properly sanitized...

9.8CVSS3.9AI score0.38924EPSS
Exploits11References1Affected Software1
OSV
OSV
added 2022/09/09 5:15 a.m.1 views

CVE-2022-25765

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...

9.8CVSS5.8AI score0.38924EPSS
Exploits11References7
NVD
NVD
added 2022/09/09 5:15 a.m.23 views

CVE-2022-25765

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...

9.8CVSS0.38924EPSS
Exploits11References7
Cvelist
Cvelist
added 2022/09/09 5:0 a.m.18 views

CVE-2022-25765 Command Injection

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...

7.3CVSS9.8AI score0.38924EPSS
Exploits11References7
CVE
CVE
added 2022/09/09 5:0 a.m.206 views

CVE-2022-25765

CVE-2022-25765 affects pdfkit (Ruby gem) with command injection in which pdfkit passes the user-supplied URL straight to wkhtmltopdf, allowing shell interpretation via backticks. Exploitation details show RCE via crafted URLs (e.g., http://example.comcmd), with multiple public PoCs/exploits and a...

9.8CVSS8.5AI score0.38924EPSS
Exploits11References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/09 5:0 a.m.2 views

CVE-2022-25765

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized...

9.8CVSS7.2AI score0.38924EPSS
Exploits11References11
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.4 views

Apple PDFKit 安全漏洞

Apple PDFKit is one of Apple's Apple PDF document generation components. A security vulnerability exists in Apple PDFKit, which can be exploited by attackers to execute illegal commands...

9.8CVSS8.3AI score0.38924EPSS
Exploits11References10
Snyk
Snyk
added 2022/06/14 2:12 p.m.1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection where the URL is not properly sanitized. NOTE: This issue was originally addressed in 0.8.7, but the fix was not complete. A complete fix was released in 0.8.7.2. PoC: An application could be vulnerable if it tries to...

9.8CVSS7.8AI score0.38924EPSS
Exploits11References2
OSV
OSV
added 2022/05/05 12:29 a.m.12 views

GHSA-39V7-XPQ4-8884 PDFKit Improper Input Validation vulnerability

Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...

9.8CVSS9.5AI score0.02675EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/05 12:29 a.m.26 views

PDFKit Improper Input Validation vulnerability

Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...

9.8CVSS2.9AI score0.02675EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2020/02/11 6:15 p.m.15 views

CVE-2013-1607

Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...

9.8CVSS9.5AI score0.02675EPSS
Exploits0References2
Prion
Prion
added 2020/02/11 6:15 p.m.11 views

Remote code execution

Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...

7.5CVSS7.4AI score0.02675EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder