0.004 Low
EPSS
Percentile
72.4%
Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor.
pdfinfojs
Update to version 0.4.1 or later.