Описание
Command injection in itext7-core
iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
Пакеты
Наименование
com.itextpdf:itext7-core
maven
Затронутые версииВерсия исправления
< 7.1.17
7.1.17
Наименование
com.itextpdf:itextpdf
maven
Затронутые версииВерсия исправления
< 5.5.13.3
5.5.13.3
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 4 лет назад
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
CVSS3: 9.8
nvd
около 4 лет назад
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
CVSS3: 9.8
debian
около 4 лет назад
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows comma ...