Vulnerabilities > CVE-2022-24720

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

image-processing-project

debian

critical

NVD

Published: 2022-03-01

Updated: 2023-07-03

Summary

image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations.

Vulnerable Configurations

Part	Description	Count
Application	Image_Processing_Project Image Processing Project Image Processing 0.1.0 Image Processing Project Image Processing 0.2.0 Image Processing Project Image Processing 0.2.1 Image Processing Project Image Processing 0.2.2 Image Processing Project Image Processing 0.2.3 Image Processing Project Image Processing 0.2.4 Image Processing Project Image Processing 0.2.5 Image Processing Project Image Processing 0.3.0 Image Processing Project Image Processing 0.4.0 Image Processing Project Image Processing 0.4.1 Image Processing Project Image Processing 0.4.2 Image Processing Project Image Processing 0.4.3 Image Processing Project Image Processing 0.4.4 Image Processing Project Image Processing 0.4.5 Image Processing Project Image Processing 0.9.0 Image Processing Project Image Processing 0.10.0 Image Processing Project Image Processing 0.10.1 Image Processing Project Image Processing 0.10.2 Image Processing Project Image Processing 0.10.3 Image Processing Project Image Processing 0.11.0 Image Processing Project Image Processing 0.11.1 Image Processing Project Image Processing 0.11.2 Image Processing Project Image Processing 1.0.0 Image Processing Project Image Processing 1.1.0 Image Processing Project Image Processing 1.2.0 Image Processing Project Image Processing 1.3.0 Image Processing Project Image Processing 1.4.0 Image Processing Project Image Processing 1.5.0 Image Processing Project Image Processing 1.6.0 Image Processing Project Image Processing 1.7.0 Image Processing Project Image Processing 1.7.1 Image Processing Project Image Processing 1.8.0 Image Processing Project Image Processing 1.9.0 Image Processing Project Image Processing 1.9.1 Image Processing Project Image Processing 1.9.2 Image Processing Project Image Processing 1.9.3 Image Processing Project Image Processing 1.10.0 Image Processing Project Image Processing 1.10.1 Image Processing Project Image Processing 1.10.2 Image Processing Project Image Processing 1.10.3 Image Processing Project Image Processing 1.11.0 Image Processing Project Image Processing 1.12.0 Image Processing Project Image Processing 1.12.1	43
OS	Debian Debian Debian Linux 11.0	1

Vulnerabilities > CVE-2022-24720 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-24720"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-24720