Command Injection in pdfinfojs

2018-06-07T19:43:00
ID GHSA-3PXP-6963-46R9
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:31:04

Description

Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor.

Recommendation

Update to version 0.4.1 or later.