CVE-2025-31692 – drupal/ai
Package
Manager: composer
Name: drupal/ai
Vulnerable Version: >=0 <1.0.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
EPSS: 0.00186 (percentile: 0.40694)
Details
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Metadata
Created: 2025-04-01T00:30:35Z
Modified: 2025-04-02T17:14:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-pwjq-fx3v-8f9r/GHSA-pwjq-fx3v-8f9r.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-pwjq-fx3v-8f9r
Finding: F404
Auto approve: 1