pdf_info <= 0.5.3 OS Command Injection
CVE-2022-36231
The Ruby gem pdf_info <= 0.5.3 is vulnerable to OS command injection when a method is executed on a PDF::Info object.
An attacker using a specially crafted payload may execute OS commands by using command chaining.
Vulnerability Analysis
When a new PDF::Info object is created, the initialize method is called. It stores the supplied path as-is:
def initialize(pdf_path)
  @pdf_path = pdf_path
end
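
For contrast with the constructor above, here is an added example (not code from the pdf_info gem) of a wrapper that checks the path at construction and runs the external tool with an argument vector, so no shell ever parses the path. SafePdfInfo, its methods and the echo stand-in for the real tool are hypothetical, and the example assumes the stored path would otherwise reach a shell command string, which this section does not show.

```ruby
require "open3"
require "rbconfig"

# Hypothetical hardened wrapper; SafePdfInfo is not part of the pdf_info gem.
class SafePdfInfo
  class InvalidPath < ArgumentError; end

  # Stand-in for the external tool so the example runs without it installed:
  # a child Ruby process that prints its first argument unchanged.
  ECHO_ARGV = [RbConfig.ruby, "-e", "print ARGV[0]"].freeze

  def initialize(pdf_path, tool: ECHO_ARGV)
    path = pdf_path.to_s
    raise InvalidPath, "empty path" if path.empty?
    raise InvalidPath, "NUL byte in path" if path.include?("\0")
    # A leading "-" would be read by the tool as an option, not a file name.
    raise InvalidPath, "path looks like an option" if path.start_with?("-")
    @pdf_path = path
    @tool = tool
  end

  # Every argument is its own argv element: with more than one argument,
  # Open3 executes the program directly and no shell is involved.
  def run
    out, status = Open3.capture2(*@tool, @pdf_path)
    raise "tool failed with status #{status.exitstatus}" unless status.success?
    out
  end
end

# Returns what the child process received as its file-name argument.
def literal_roundtrip(name)
  SafePdfInfo.new(name).run
end

# True when the constructor refuses the path.
def rejected?(name)
  SafePdfInfo.new(name)
  false
rescue SafePdfInfo::InvalidPath
  true
end

# Constructed sample: a file name containing shell metacharacters.
puts literal_roundtrip("report; echo chained.pdf")
```

If the child receives the name byte for byte, the separator was treated as part of the file name rather than as a second command.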