Arbitrary Command Injection Affecting pdfinfojs package, versions <0.4.1
Threat Intelligence
Exploit Maturity: Mature
EPSS: 0.36% (73rd percentile)
- Snyk ID npm:pdfinfojs:20180409
- published 25 Apr 2018
- disclosed 9 Apr 2018
- credit caioluders
Overview
pdfinfojs provides access to pdfinfo via shell in nodejs.
Affected versions of this package are vulnerable to Arbitrary Command Injection. It allows an attacker to execute arbitrary commands on the victim's machine.
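The class of bug described above, shown as an added example that is not taken from pdfinfojs or from this advisory: a file name concatenated into a shell command line, beside the same call made with an argument vector and no shell. Assumptions: `echo` stands in for the `pdfinfo` binary so the code runs on any POSIX host, the function names are hypothetical, and the sample file name is constructed.

```javascript
// Added example: shell-string invocation vs. argument-vector invocation.
// `echo` stands in for pdfinfo (assumption) so no PDF tooling is required.
const { execSync, execFileSync } = require('node:child_process');
const path = require('node:path');

const TOOL = 'echo'; // stand-in for the pdfinfo binary

// Constructed input: a "file name" carrying a shell metacharacter.
const SAMPLE = 'report.pdf; echo INJECTED';

// Vulnerable pattern: the file name becomes part of a string that /bin/sh
// parses, so `;` ends the intended command and starts a second one.
function infoViaShell(file) {
  return execSync(TOOL + ' ' + file, { encoding: 'utf8' });
}

// Hardened pattern: no shell is involved. The file name is passed as a single
// argv element, and resolving it to an absolute path keeps a leading '-'
// from being interpreted as a command-line option.
function infoViaExecFile(file) {
  if (typeof file !== 'string' || file.includes('\0')) {
    throw new TypeError('invalid file name');
  }
  return execFileSync(TOOL, [path.resolve(file)], { encoding: 'utf8' });
}

// Runs both variants on the same input and returns their output lines.
function demo() {
  return {
    shell: infoViaShell(SAMPLE).trim().split('\n'),
    execFile: infoViaExecFile(SAMPLE).trim().split('\n'),
  };
}

console.log(demo());
```

The shell variant produces two output lines because two commands ran; the `execFile` variant produces one line containing the whole string, metacharacters included.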
Remediation
Upgrade pdfinfojs to version 0.4.1 or higher.
CVSS Scores
version 3.1