Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://hackerone.com/reports/781664 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2020-02-28T19:24:41
Updated: 2024-08-04T09:48:25.599Z
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8132
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-02-28T20:15:11.693
Modified: 2020-03-03T18:15:26.217
Link: CVE-2020-8132
Redhat
No data.