CVE-2018-3757
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.
9.8CVSS
9.5AI Score
0.005EPSS
CVE-2020-8132
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
0.006EPSS