CVE-2025-31693 – drupal/ai
Package
Manager: composer
Name: drupal/ai
Vulnerable Version: >=0 <1.0.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
EPSS: 0.00063 (percentile: 0.19956)
Details
Drupal AI Vulnerable to OS Command Injection
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
Metadata
Created: 2025-04-01T00:30:34Z
Modified: 2025-04-15T15:55:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vx9m-rfxq-gr74/GHSA-vx9m-rfxq-gr74.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-vx9m-rfxq-gr74
Finding: F404
Auto approve: 1