CVE-2020-8132

Summary

Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.

Affected Software

VendorProductVersion RangeStatus
n/apdf-imageNot Fixedaffected

Weaknesses

  • CWE-94: Code Injection (CWE-94)

ADP Enrichment

CVE Program Container

Additional References

References