Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-26155 All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path. | CVSS3: 7.3 | 0% Low | more than 2 years ago |
| GHSA-fpr8-4wvx-j9q3 node-qpdf vulnerable to command injection | CVSS3: 7.3 | 0% Low | more than 2 years ago |