CVE-2018-3757
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter...
CVE-2018-3757
pdf-image prior to 2.0.0 is vulnerable to command injection via an unescaped pdfFilePath parameter, enabling arbitrary shell commands to be executed (RCE). Impact is consistent with remote code execution if an attacker controls the input. The recommended remediation is to upgrade to version 2.0.0...