
CVE-2022-36231: pdf_info | RubyGems.org | your community gem host

pdf_info 0.5.3 is vulnerable to Command Execution.



Related news

GHSA-9fh3-j99m-f4v7: Code injection in pdf_info

pdf_info 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands through command chaining, because no validation is performed during object initialization and the user-provided path is used.
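An added example, not code from the pdf_info gem or from this page: a hypothetical `PdfMetadata` wrapper that contrasts the shell-string pattern the advisory describes with validation at initialization plus an argv-array call. The module, its method names and the sample filename are constructed, and the Ruby interpreter stands in for `pdfinfo` so the demo runs without poppler installed.

```ruby
require "open3"
require "rbconfig"
require "tmpdir"

# Hypothetical wrapper for illustration; not the pdf_info gem's API.
module PdfMetadata
  class InvalidPath < ArgumentError; end

  # The risky pattern: the path is interpolated into one string that a shell
  # will parse, so metacharacters in the path change the command. Built here
  # only for comparison; it is never executed.
  def self.shell_string(path, tool: "pdfinfo")
    "#{tool} \"#{path}\""
  end

  # Validate at object-construction time, before any process is spawned.
  def self.validate(path)
    raise InvalidPath, "path must be a String" unless path.is_a?(String)
    raise InvalidPath, "NUL byte in path" if path.include?("\0")
    full = File.expand_path(path) # absolute, so it can never parse as an option
    raise InvalidPath, "not a regular file: #{full}" unless File.file?(full)
    full
  end

  # Hardened form: an argv array. No shell is involved, so the validated path
  # reaches the tool as exactly one argument, metacharacters included.
  def self.argv(path, tool: ["pdfinfo"])
    [*tool, validate(path)]
  end

  def self.run(path, tool: ["pdfinfo"])
    out, status = Open3.capture2e(*argv(path, tool: tool))
    raise "#{tool.first} failed: #{out}" unless status.success?
    out
  end
end

# Constructed demo: a file whose name contains shell metacharacters, with the
# Ruby interpreter standing in for pdfinfo (assumption, see lead-in).
def demo
  Dir.mktmpdir do |dir|
    odd = File.join(dir, "a; echo CHAINED.pdf")
    File.write(odd, "%PDF-1.4\n")
    echo_args = [RbConfig.ruby, "-e", "print ARGV.length, ':', ARGV[0]"]
    PdfMetadata.run(odd, tool: echo_args)
  end
end

puts demo if $PROGRAM_NAME == __FILE__
```

The child process reports a single argument equal to the full filename, which shows that the `;` was never interpreted by a shell.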
