Description
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
Remediation
References
https://hackerone.com/reports/781664
Related Vulnerabilities
CVE-2023-29517 Vulnerability in maven package org.xwiki.platform:xwiki-platform-office-viewer
CVE-2023-48711 Vulnerability in maven package org.webjars.npm:google-translate-api-browser
CVE-2021-29446 Vulnerability in npm package jose-node-cjs-runtime
CVE-2023-37899 Vulnerability in npm package @feathersjs/transport-commons