CVE-2020-8132
CRITICAL9.8EPSS 0.46%Improper Input Validation and Code Injection in pdf-image
Published: 5/10/2021Modified: 11/8/2023
Also known as:GHSA-rv7p-mmwq-x674
Description
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
Affected packages (1)
- npm/pdf-imagefrom 0, <= 2.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |