Vulnerability Report: GO-2022-1184
- CVE-2022-4643, GHSA-6m4h-hfpp-x8cx
- Affects: code.sajari.com/docconv
- Published: Dec 27, 2022
- Modified: Jun 12, 2023
The manipulation of the argument path to docconv.{ConvertPDF,PDFHasImage} leads to os command injection.
Affected Packages
-
PathVersionsSymbols
-
from v1.1.0 before v1.3.5
6 affected symbols
Aliases
References
- https://github.com/sajari/docconv/pull/110
- https://github.com/sajari/docconv/releases/tag/v1.3.5
- https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5
- https://vuldb.com/?id.216502
- https://vuln.go.dev/ID/GO-2022-1184.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.