pdfinfojs NPM Module Command Injection Vulnerability

pdfinfojs is a Node.js shell through the pdfinfo access module. A command injection vulnerability exists in pdfinfojs NPM module version 0.3.6 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands...

CVE-2018-3746

The pdfinfojs NPM module versions = 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine...

CVE-2018-3746

The pdfinfojs NPM module versions = 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine...

Command Injection

Overview Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation Update to version 0.4.1 or later. References - HackerOne Report - Commit 5cc59cd -...

Command Injection

pdfinfojs is vulnerable to command injections. The application does not parse the filename parameter, allowing a malicious user to inject and execute arbitrary commands...

PT-2018-1370 · Pdfinfojs · Pdfinfojs

Name of the Vulnerable Software and Affected Versions: pdfinfojs versions = 0.3.6 pdfinfojs versions prior to 0.4.1 Description: The issue is related to a lack of neutralization of special elements in input commands for the pdfinfojs module. This can be exploited by a remote attacker to execute...