Description

The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.

Remediation

References

https://hackerone.com/reports/330957

Related Vulnerabilities

CVE-2015-2080 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all

CVE-2023-41578 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2020-7663 Vulnerability in npm package websocket-extensions

CVE-2019-1010266 Vulnerability in npm package lodash

CVE-2010-1330 Vulnerability in maven package org.jruby.jcodings:jcodings

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory