pdf-image

Command Injection

Severity: moderate

Overview

Versions of pdf-image before 2.0.0 are vulnerable to command injection. This vulnerability is exploitable if the attacker has control over the pdfFilePath variable passed into pdf-image.

Remediation

Update to version 2.0.0 or later.

Vulnerable versions

0.0.1
4 years ago
1.0.1
3 years ago
1.0.2
3 years ago
1.0.3
3 years ago
1.0.4
3 years ago
1.1.0
3 years ago
1.0.5
7 months ago

Unaffected versions

2.0.0
3 months ago

Resources

Advisory timeline

  1. published

    Advisory published
    Jun 1st, 2018
  2. reported

    Jun 1st, 2018