Description
Lack of input validation in the pdf-image npm package, versions <= 2.0.0, may allow an attacker to run arbitrary code if the PDF file path is constructed from untrusted user input.
Remediation
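One way for calling code to validate an untrusted PDF file name before it reaches a library that takes a file path, shown as an added example that is not from this advisory or from the pdf-image project. The names `safePdfPath`, `screen`, `pdfInfo` and `UPLOAD_DIR`, the `/srv/app/uploads` directory and the use of the `pdfinfo` tool are assumptions made for illustration.

```javascript
'use strict';
// Added example, not pdf-image code. safePdfPath, screen, pdfInfo and
// UPLOAD_DIR are hypothetical names; /srv/app/uploads is an assumed location.
const path = require('path');
const { execFile } = require('child_process');

const UPLOAD_DIR = path.resolve('/srv/app/uploads');

// Allow-list for the file name: starts with a letter or digit, then letters,
// digits, dot, dash or underscore, and ends in ".pdf". Quotes, spaces, "$",
// backticks, ";", "|", "&", slashes and newlines are not in the list.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.pdf$/i;

function safePdfPath(untrustedName, baseDir = UPLOAD_DIR) {
  if (typeof untrustedName !== 'string' || !SAFE_NAME.test(untrustedName)) {
    throw new Error('rejected PDF file name');
  }
  const root = path.resolve(baseDir);
  const resolved = path.resolve(root, untrustedName);
  // Defence in depth: the resolved path must stay inside the base directory.
  if (!resolved.startsWith(root + path.sep)) {
    throw new Error('path escapes upload directory');
  }
  return resolved;
}

// Split a batch of names into accepted paths and rejected names.
function screen(names, baseDir = UPLOAD_DIR) {
  const out = { accepted: [], rejected: [] };
  for (const name of names) {
    try { out.accepted.push(safePdfPath(name, baseDir)); }
    catch (err) { out.rejected.push(name); }
  }
  return out;
}

// When your own code must call an external tool, pass the path as an argv
// element via execFile so no shell parses it (pdfinfo is an assumed tool).
function pdfInfo(untrustedName, callback) {
  execFile('pdfinfo', [safePdfPath(untrustedName)], callback);
}

// Constructed sample input, not taken from the advisory.
const SAMPLES = ['report.pdf', 'a.pdf"; echo x; "', '../x.pdf', '$(echo x).pdf', 'notes.txt'];
console.log(screen(SAMPLES));
```

Only the validated, resolved path returned by `safePdfPath` should be handed to the PDF library or to `execFile`.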
References
https://hackerone.com/reports/781664
Related Vulnerabilities
CVE-2023-26143 Vulnerability in npm package blamer
CVE-2021-23360 Vulnerability in npm package killport
CVE-2020-8124 Vulnerability in maven package org.webjars.bowergithub.unshiftio:url-parse
CVE-2019-14517 Vulnerability in maven package org.webjars.bower:editor.md
CVE-2018-14041 Vulnerability in maven package org.webjars.bower:bootstrap