CVE-2026-36576
Openlabs · docker-wkhtmltopdf-aas
An OS command injection vulnerability in the app.py component allows unauthenticated attackers to execute arbitrary commands via a crafted POST request.
Executive summary
A critical OS command injection vulnerability in openlabs docker-wkhtmltopdf-aas exposes systems to full remote code execution by unauthenticated attackers.
Vulnerability
This is a command injection flaw (CWE-78) located in the app.py component. The component fails to properly neutralize special elements used in an OS command that is built from request data, so an unauthenticated attacker who submits a specially crafted POST request can achieve arbitrary code execution.
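To make the class of defect concrete, the following is an added illustration, not the project's app.py and not code from the advisory: a hypothetical wkhtmltopdf HTTP wrapper written first in the vulnerable shape (request data spliced into a string a shell will parse) and then in a hardened shape (allow-list validation plus an argv list run with no shell). The function names, the output path and the choice of wkhtmltopdf options are assumptions.

```python
"""Illustrative CWE-78 contrast for a wkhtmltopdf HTTP wrapper.

Hypothetical code, not the project's app.py: it shows the class of defect
the advisory names (request data reaching a shell unneutralized) next to a
hardened alternative that never involves a shell.
"""
import subprocess
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def build_command_unsafe(url: str, out: str = "/tmp/out.pdf") -> str:
    """Vulnerable pattern (shown for contrast, never executed here).

    The caller-supplied value is spliced into one string that would be
    handed to `subprocess.run(..., shell=True)`. The shell then treats
    ';', '|', backticks, '$(...)' and similar characters as syntax, so
    part of the "URL" can become a second command.
    """
    return f"wkhtmltopdf {url} {out}"


class RejectedInput(ValueError):
    """Raised when the request value is not a plain absolute http(s) URL."""


def validate_url(url: str) -> str:
    """Allow-list check: scheme, host, length, no control characters."""
    if not url or len(url) > 2048 or any(ch in url for ch in "\x00\r\n"):
        raise RejectedInput("malformed URL")
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.netloc:
        raise RejectedInput("only absolute http(s) URLs are accepted")
    return url


def build_argv_safe(url: str, out: str = "/tmp/out.pdf") -> list:
    """Hardened pattern: an argv list, executed without a shell.

    Each element reaches the program as one literal argument, so shell
    metacharacters inside `url` stay data. The two wkhtmltopdf options
    below are real flags that limit what the renderer may touch; using
    them is an assumption about what this deployment wants.
    """
    return [
        "wkhtmltopdf",
        "--disable-local-file-access",
        "--disable-javascript",
        validate_url(url),
        out,
    ]


def render_pdf(url: str, out: str = "/tmp/out.pdf") -> int:
    """Run the hardened command; returns the renderer's exit status."""
    result = subprocess.run(
        build_argv_safe(url, out),
        shell=False,          # the decisive difference from the unsafe pattern
        timeout=60,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.PIPE,
        check=False,
    )
    return result.returncode
```

The point of the hardened version is not escaping: it never constructs a shell command line at all, so there is nothing for metacharacters to break out of, and the allow-list additionally keeps non-http schemes and option-like values away from the renderer.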
Business impact
The CVSS score of 9.8 confirms the extreme severity of this vulnerability. Successful exploitation permits an attacker to gain full control over the underlying host system, leading to total data compromise, lateral movement within the network, and potential disruption of critical business services.
Remediation
Immediate Action: Upgrade to the latest version of docker-wkhtmltopdf-aas to ensure the vulnerable app.py component is patched.
Proactive Monitoring: Inspect application and system logs for suspicious POST requests containing shell metacharacters or unexpected system commands.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block common command injection patterns in HTTP request bodies.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical nature of command injection vulnerabilities, organizations must prioritize patching this component. Ensure that any instance of docker-wkhtmltopdf-aas is updated immediately to prevent potential remote compromise of the server infrastructure.