Description
The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.
Remediation
References
https://hackerone.com/reports/330957
Related Vulnerabilities
CVE-2022-34115 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2020-28277 Vulnerability in npm package dset
CVE-2020-19676 Vulnerability in maven package com.alibaba.nacos:nacos-api
CVE-2021-46361 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2022-27772 Vulnerability in maven package org.springframework.boot:spring-boot