CVE-2020-8132

Опубликовано: 28 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.

Ссылки

https://hackerone.com/reports/781664
Exploit
Patch
Third Party Advisory
https://hackerone.com/reports/781664
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pdf-image_project:pdf-image:*:*:*:*:*:node.js:*:*

Версия до 2.0.0 (включая)

EPSS

Процентиль: 64%

0.00459

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

CWE-20

Связанные уязвимости

GHSA-rv7p-mmwq-x674