EPSS
Percentile
75.3%
pdf-image is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as unsanitized user input could be fed into the exec of getInfo(), leading to remote code execution (RCE) attacks.
exec
getInfo()
github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83
hackerone.com/defmax
hackerone.com/reports/340208
hackerone.com/reports/781664