EUVD-2022-6464

Malicious code in bioql PyPI...

cv-letter (=1.0.0), docogen (>=0.0.3 <=0.1.6) +4 more potentially affected by CVE-2020-28433 via node-latex-pdf (=0.0.2)

node-latex-pdf NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-latex-pdf and may be impacted: - cv-letter =1.0.0 - docogen =0.0.3, =0.0.1, =0.0.7 - resume-builder-iitrpr =1.0.0 Source cves: CVE-2020-28433 Source advisory:...

GHSA-32FW-9WQ8-9X9C node-latex-pdf is susceptible to command injection

A command injection vulnerability affects all versions of the package node-latex-pdf...

node-latex-pdf is susceptible to command injection

A command injection vulnerability affects all versions of the package node-latex-pdf...

CVE-2020-28433

This affects all versions of package node-latex-pdf...

Code injection

This affects all versions of package node-latex-pdf...

CVE-2020-28433

CVE-2020-28433 affects all versions of the npm package node-latex-pdf. Multiple sources describe a command injection vulnerability arising from insecure handling in the package (notably in the compilation/execution flow of the internal function, enabling arbitrary commands to be injected). The cr...

CVE-2020-28433 Command Injection

This affects all versions of package node-latex-pdf...

npm package node-latex-pdf 命令注入漏洞

The npm package node-latex-pdf is a package for converting latex files to pdf format from the US company npm. A command injection vulnerability exists in all versions of node-latex-pdf, which stems from the presence of command injection...

PT-2022-8889 · Unknown · Node-Latex-Pdf

Name of the Vulnerable Software and Affected Versions: node-latex-pdf versions all Description: A command injection issue affects the package. This allows for potential exploitation. The estimated number of potentially affected devices is not provided. Recommendations: For all versions, consider...

Command Injection

Overview node-latex-pdf is a package that converts your latex files to pdf format. Affected versions of this package are vulnerable to Command Injection. PoC var a =require"node-latex-pdf"; a"./","& touch JHU",function Remediation There is no fixed version for node-latex-pdf. Credit: JHU System...

cv-letter (=1.0.0), docogen (>=0.0.3 <=0.1.6) +4 more potentially affected by CVE-2020-28433 via node-latex-pdf (=0.0.2)

node-latex-pdf NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-latex-pdf and may be impacted: - cv-letter =1.0.0 - docogen =0.0.3, =0.0.1, =0.0.7 - resume-builder-iitrpr =1.0.0 Source cves: CVE-2020-28433 Source advisory:...