-
Notifications
You must be signed in to change notification settings - Fork 54
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Aliases: CVE-2022-4643 Fixes #1184 Change-Id: I1c0d8c2562d4624ab18685084c9bf91096987250 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459315 Run-TryBot: Tim King <taking@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
- Loading branch information
1 parent
24bc9b8
commit db27d7d
Showing
2 changed files
with
93 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| { | ||
| "id": "GO-2022-1184", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2022-4643" | ||
| ], | ||
| "details": "The manipulation of the argument path to docconv.{ConvertPDF,PDFHasImage} leads to os command injection.", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "code.sajari.com/docconv", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "1.1.0" | ||
| }, | ||
| { | ||
| "fixed": "1.3.5" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2022-1184" | ||
| }, | ||
| "ecosystem_specific": { | ||
| "imports": [ | ||
| { | ||
| "path": "code.sajari.com/docconv", | ||
| "symbols": [ | ||
| "Convert", | ||
| "ConvertPDF", | ||
| "ConvertPages", | ||
| "ConvertPath", | ||
| "ConvertPathReadability", | ||
| "PDFHasImage" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/sajari/docconv/pull/110" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/sajari/docconv/releases/tag/v1.3.5" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.216502" | ||
| } | ||
| ], | ||
| "schema_version": "1.3.1" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| modules: | ||
| - module: code.sajari.com/docconv | ||
| versions: | ||
| - introduced: 1.1.0 | ||
| fixed: 1.3.5 | ||
| vulnerable_at: 1.3.4 | ||
| packages: | ||
| - package: code.sajari.com/docconv | ||
| symbols: | ||
| - PDFHasImage | ||
| - ConvertPDF | ||
| derived_symbols: | ||
| - Convert | ||
| - ConvertPages | ||
| - ConvertPath | ||
| - ConvertPathReadability | ||
| description: | | ||
| The manipulation of the argument path to docconv.{ConvertPDF,PDFHasImage} | ||
| leads to os command injection. | ||
| cves: | ||
| - CVE-2022-4643 | ||
| references: | ||
| - fix: https://github.com/sajari/docconv/pull/110 | ||
| - web: https://github.com/sajari/docconv/releases/tag/v1.3.5 | ||
| - fix: https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5 | ||
| - web: https://vuldb.com/?id.216502 |