Description
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
Remediation
References
https://hackerone.com/reports/781664
Related Vulnerabilities
CVE-2018-3721 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash
CVE-2022-38369 Vulnerability in maven package org.apache.iotdb:iotdb-server
CVE-2020-16022 Vulnerability in npm package electron
CVE-2022-31108 Vulnerability in npm package mermaid
CVE-2021-34371 Vulnerability in maven package org.neo4j:neo4j