An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2N3AtbW13cS14Njc0

High

EPSS: 0.00459% (0.63117 Percentile)

Improper Input Validation and Code Injection in pdf-image

Affected Package: npm:pdf-image
Affected Versions: <= 2.0.0
Fixed Versions: No known fixed version
27 Dependent packages
203 Dependent repositories
42,338 Downloads last month

Affected Version Ranges

All affected versions

0.0.1, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 2.0.0

Lack of input validation in the pdf-image npm package, versions <= 2.0.0, may allow an attacker to run arbitrary code if the PDF file path is constructed from untrusted user input.

References: