0.005 Low
EPSS
Percentile
75.4%
Versions of pdf-image before 2.0.0 are vulnerable to command injection. This vulnerability is exploitable if the attacker has control over the pdfFilePath variable passed into pdf-image.
pdf-image
pdfFilePath
Update to version 2.0.0 or later.
github.com/roest01/node-pdf-image
github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83
hackerone.com/reports/340208
nvd.nist.gov/vuln/detail/CVE-2018-3757
www.npmjs.com/advisories/670