data/reports: add GO-2022-1184.yaml

timothy-king · timothy-king · commit db27d7dfead7 · 2022-12-27T18:18:39.000Z
Aliases: CVE-2022-4643 Fixes #1184 Change-Id: I1c0d8c2562d4624ab18685084c9bf91096987250 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459315 Run-TryBot: Tim King <taking@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/osv/GO-2022-1184.json b/data/osv/GO-2022-1184.json
@@ -0,0 +1,67 @@
+{
+  "id": "GO-2022-1184",
+  "published": "0001-01-01T00:00:00Z",
+  "modified": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-4643"
+  ],
+  "details": "The manipulation of the argument path to docconv.{ConvertPDF,PDFHasImage} leads to os command injection.",
+  "affected": [
+    {
+      "package": {
+        "name": "code.sajari.com/docconv",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "1.1.0"
+            },
+            {
+              "fixed": "1.3.5"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "url": "https://pkg.go.dev/vuln/GO-2022-1184"
+      },
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "code.sajari.com/docconv",
+            "symbols": [
+              "Convert",
+              "ConvertPDF",
+              "ConvertPages",
+              "ConvertPath",
+              "ConvertPathReadability",
+              "PDFHasImage"
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "FIX",
+      "url": "https://github.com/sajari/docconv/pull/110"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sajari/docconv/releases/tag/v1.3.5"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.216502"
+    }
+  ],
+  "schema_version": "1.3.1"
+}
diff --git a/data/reports/GO-2022-1184.yaml b/data/reports/GO-2022-1184.yaml
@@ -0,0 +1,26 @@
+modules:
+  - module: code.sajari.com/docconv
+    versions:
+      - introduced: 1.1.0
+        fixed: 1.3.5
+    vulnerable_at: 1.3.4
+    packages:
+      - package: code.sajari.com/docconv
+        symbols:
+          - PDFHasImage
+          - ConvertPDF
+        derived_symbols:
+          - Convert
+          - ConvertPages
+          - ConvertPath
+          - ConvertPathReadability
+description: |
+    The manipulation of the argument path to docconv.{ConvertPDF,PDFHasImage}
+    leads to os command injection.
+cves:
+  - CVE-2022-4643
+references:
+  - fix: https://github.com/sajari/docconv/pull/110
+  - web: https://github.com/sajari/docconv/releases/tag/v1.3.5
+  - fix: https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5
+  - web: https://vuldb.com/?id.216502
