Ruby/pdfkit/0.2.1
Uses wkhtmltopdf to create PDFs using HTML
https://rubygems.org/gems/pdfkit
License: UNKNOWN
4 Security Vulnerabilities
PDFKit Improper Input Validation vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2013-1607
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82563
- https://web.archive.org/web/20200229104225/https://www.securityfocus.com/bid/58303/info
- https://github.com/advisories/GHSA-39v7-xpq4-8884
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pdfkit/CVE-2013-1607.yml
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
PDFKit vulnerable to Command Injection
- https://nvd.nist.gov/vuln/detail/CVE-2022-25765
- https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb#L55-L58
- https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb#L44-L50
- https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
- https://github.com/advisories/GHSA-rhwx-hjx2-x4qr
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pdfkit/CVE-2022-25765.yml
- https://github.com/pdfkit/pdfkit/releases/tag/v0.8.7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
- https://github.com/pdfkit/pdfkit/issues/517
- https://github.com/pdfkit/pdfkit/pull/519
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
- http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized.
Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2.
PDFKit Gem for Ruby PDF File Generation Parameter Handling Remote Code Execution
PDFKit Gem for Ruby contains a flaw caused by the program failing to properly validate input when handling parameters during PDF file generation. This may allow a remote attacker to execute arbitrary code via the pdfkit generation options.
PDFKit vulnerable to Command Injection
The package pdfkit from version 0.0.0 through version 0.8.6 is vulnerable to Command Injection where the URL is not properly sanitized.
40 Other Versions
Version | License | Security | Released | Age
---|---|---|---|---
0.8.7.3 | MIT | | 2023-05-30 - 17:15 | 12 months
0.8.7.2 | MIT | | 2022-10-18 - 19:07 | over 1 year
0.8.7.1 | MIT | 2 | 2022-10-17 - 14:37 | over 1 year |
0.8.7 | MIT | 2 | 2022-10-02 - 16:55 | over 1 year |
0.8.6 | MIT | 2 | 2022-04-11 - 19:17 | about 2 years |
0.8.5 | MIT | 2 | 2021-01-24 - 03:59 | over 3 years |
0.8.4.2 | MIT | 2 | 2020-04-01 - 15:58 | about 4 years |
0.8.4.1 | MIT | 2 | 2019-02-22 - 23:05 | about 5 years |
0.8.4 | MIT | 2 | 2019-02-22 - 00:23 | about 5 years |
0.8.3 | MIT | 2 | 2019-02-14 - 15:07 | about 5 years |
0.8.2 | UNKNOWN | 2 | 2015-08-26 - 23:02 | over 8 years |
0.8.1 | UNKNOWN | 2 | 2015-08-21 - 14:29 | over 8 years |
0.8.0 | UNKNOWN | 2 | 2015-07-08 - 17:17 | almost 9 years |
0.8.4.3.1 | MIT | 2 | 2020-07-06 - 01:09 | almost 4 years |
0.8.4.3.2 | MIT | 2 | 2020-08-16 - 21:51 | over 3 years |
0.7.0 | UNKNOWN | 2 | 2015-05-11 - 21:54 | about 9 years |
0.6.2 | UNKNOWN | 2 | 2014-03-20 - 22:54 | about 10 years |
0.6.1 | UNKNOWN | 2 | 2014-02-19 - 01:16 | about 10 years |
0.5.4 | UNKNOWN | 2 | 2013-06-12 - 18:58 | almost 11 years |
0.5.3 | UNKNOWN | 2 | 2013-02-21 - 16:18 | about 11 years |
0.5.2 | UNKNOWN | 4 | 2011-07-02 - 17:55 | almost 13 years |
0.5.1 | UNKNOWN | 4 | 2011-06-17 - 18:24 | almost 13 years |
0.5.0 | UNKNOWN | 4 | 2010-12-27 - 19:55 | over 13 years |
0.4.6 | UNKNOWN | 4 | 2010-09-03 - 15:32 | over 13 years |
0.4.5 | UNKNOWN | 4 | 2010-08-24 - 19:20 | over 13 years |
0.4.4 | UNKNOWN | 4 | 2010-08-20 - 15:31 | over 13 years |
0.4.3 | UNKNOWN | 4 | 2010-07-30 - 13:51 | almost 14 years |
0.4.2 | UNKNOWN | 4 | 2010-07-23 - 13:29 | almost 14 years |
0.4.1 | UNKNOWN | 4 | 2010-07-19 - 20:56 | almost 14 years |
0.4.0 | UNKNOWN | 4 | 2010-07-16 - 18:02 | almost 14 years |
0.3.3 | UNKNOWN | 4 | 2010-06-18 - 14:34 | almost 14 years |
0.3.2 | UNKNOWN | 4 | 2010-06-18 - 13:48 | almost 14 years |
0.3.1 | UNKNOWN | 4 | 2010-06-15 - 16:27 | almost 14 years |
0.3.0 | UNKNOWN | 4 | 2010-06-11 - 15:29 | almost 14 years |
0.2.3 | UNKNOWN | 4 | 2010-06-01 - 15:18 | almost 14 years |
0.2.2 | UNKNOWN | 4 | 2010-05-24 - 21:11 | almost 14 years |
0.2.1 | UNKNOWN | 4 | 2010-05-24 - 20:54 | almost 14 years |
0.2.0 | UNKNOWN | 4 | 2010-05-24 - 16:40 | almost 14 years |
0.1.1 | UNKNOWN | 4 | 2010-05-24 - 13:07 | almost 14 years |
0.1.0 | UNKNOWN | 4 | 2010-05-21 - 19:42 | almost 14 years |