Description
The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.
Remediation
References
https://hackerone.com/reports/330957
Related Vulnerabilities
CVE-2022-41931 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-ui
CVE-2023-22621 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2022-43424 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage
CVE-2017-16037 Vulnerability in npm package gomeplus-h5-proxy
CVE-2022-36918 Vulnerability in maven package org.jenkins-ci.plugins:buckminster