pdf_info <= 0.5.3 OS Command Injection
CVE-2022-36231

The Ruby gem pdf_info <= 0.5.3 is vulnerable to OS Command Injection when executing a method on a PDF::Info object. An attacker using a specially crafted payload may execute OS commands by using command chaining.

Vulnerability Analysis

When creating a new PDF::Info object, the initialize method is called:

    def initialize(pdf_path)
      @pdf_path = pdf_path
    end
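
The general pattern behind this class of bug, shown beside a hardened form, as an added example that is not the gem's own code. The page shows only `initialize`, so the class names, the stand-in tool (a Ruby one-liner in place of the real PDF binary) and the sample filename are assumptions constructed for illustration.

```ruby
require "open3"
require "rbconfig"
require "shellwords"

# Stand-in for the external PDF tool (assumption, so the example runs offline):
# a Ruby one-liner that prints the first argument it receives.
TOOL = [RbConfig.ruby, "-e", "print ARGV.first"].freeze

# Vulnerable pattern (hypothetical class): the stored path is interpolated
# into one string, so /bin/sh parses it and honours quotes and ';'.
class UnsafeInfo
  def initialize(pdf_path)
    @pdf_path = pdf_path
  end

  def output
    out, _err, _status = Open3.capture3(%(#{TOOL.shelljoin} "#{@pdf_path}"))
    out
  end
end

# Hardened pattern (hypothetical class): each argument is passed separately,
# no shell is involved, and the path reaches the tool as one literal string.
class SafeInfo
  def initialize(pdf_path)
    # Absolute path: a leading "-" can no longer be parsed as an option.
    @pdf_path = File.expand_path(pdf_path.to_s)
  end

  def output
    out, _err, _status = Open3.capture3(*TOOL, @pdf_path)
    out
  end
end

# Constructed sample input carrying a harmless marker command.
SAMPLE = %(report.pdf"; echo CHAINED; echo ").freeze

def demo
  { unsafe: UnsafeInfo.new(SAMPLE).output, safe: SafeInfo.new(SAMPLE).output }
end

p demo if $PROGRAM_NAME == __FILE__
```

In the unsafe form the marker command's output appears after the filename; in the argument-vector form the whole string arrives at the tool as a single filename.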