Description
The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.
Remediation
References
https://hackerone.com/reports/330957
Related Vulnerabilities
CVE-2023-37899 Vulnerability in npm package @feathersjs/transport-commons
CVE-2021-34429 Vulnerability in maven package org.eclipse.jetty:jetty-webapp
CVE-2021-25948 Vulnerability in npm package expand-hash
CVE-2022-36920 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2019-16869 Vulnerability in maven package io.netty:netty