12 matches found
EUVD-2023-2729
Malicious code in bioql PyPI...
CVE-2023-26155
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
node-qpdf vulnerable to command injection
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
fileopsx (>=1.0.1 <=1.0.2), xml2pdf (>=1.0.0 <=1.1.0) potentially affected by CVE-2023-26155 via node-qpdf (=1.0.3)
node-qpdf NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on node-qpdf and may be impacted: fileopsx =1.0.1, =1.0.0, =1.1.0. Source CVEs: CVE-2023-26155. Source advisory: OSV:GHSA-FPR8-4WVX-J9Q3...
GHSA-FPR8-4WVX-J9Q3 node-qpdf vulnerable to command injection
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
Command injection
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
CVE-2023-26155
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
CVE-2023-26155
node-qpdf is vulnerable to Command Injection due to encrypt() not sanitizing input before passing it to a sensitive command execution API. Affected: all versions. Root cause: unsanitized parameter input in encrypt() leads to command execution when a PDF file path is provided. Impact: potential ar...
CVE-2023-26155
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
PT-2023-20534 · Node-Qpdf · Node-Qpdf
Name of the Vulnerable Software and Affected Versions: node-qpdf, all versions. Description: The issue arises from the encrypt method failing to sanitize its parameter input, which later flows into a sensitive command execution API. This allows attackers to inject malicious commands once they can...
Improper Neutralization of Special Elements used in a Command
Overview: node-qpdf is a package for content-preserving transformations on PDFs, wrapped around QPDF. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in a Command such that the package-exported method encrypt fails to sanitize its parameter input, which...
fileopsx (>=1.0.1 <=1.0.2), xml2pdf (>=1.0.0 <=1.1.0) potentially affected by CVE-2023-26155 via node-qpdf (=1.0.3)
node-qpdf NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on node-qpdf and may be impacted: fileopsx =1.0.1, =1.0.0, =1.1.0. Source CVEs: CVE-2023-26155. Source advisory: SNYK:JS-NODEQPDF-5747918...