CVE-2020-8132

CRITICAL9.8EPSS 0.46%

Improper Input Validation and Code Injection in pdf-image

發布日:2021/5/10修改日:2023/11/8

描述

Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.

受影響套件(1)

npm/pdf-imagefrom 0, <= 2.0.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-8132
WEBhttps://hackerone.com/reports/781664