EPSS: 0.004 (Low), percentile 72.4%
Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor.
pdfinfojs
Update to version 0.4.1 or later.
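A way to check a project against the affected range, as an added example that is not part of the advisory or of the pdfinfojs project: it walks an npm lockfile, in either the lockfileVersion 1 `dependencies` layout or the 2/3 `packages` layout, and reports every pdfinfojs copy older than 0.4.1, including transitive ones. The sample lockfiles, the `report-tool` package name and the version numbers in them are constructed.

```javascript
// Added example: flag pdfinfojs copies older than the fixed release (0.4.1)
// in an npm lockfile. All lockfile data below is constructed sample input.
const PACKAGE = 'pdfinfojs';
const FIXED = '0.4.1';

// True when `version` sorts before `fixed`. A prerelease of the fixed
// version (e.g. 0.4.1-beta) sorts before it, so it counts as affected.
// Non-semver entries (git URLs, tarball paths) are skipped, not guessed at.
function isBefore(version, fixed) {
  const noBuild = String(version).split('+')[0];
  if (!/^\d+\.\d+\.\d+/.test(noBuild)) return false;
  const dash = noBuild.indexOf('-');
  const core = dash === -1 ? noBuild : noBuild.slice(0, dash);
  const a = core.split('.').map(Number);
  const b = fixed.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return dash !== -1;
}

function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + PACKAGE) && isBefore(meta.version, FIXED)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" trees. Version 2 files carry
  // both layouts, so the tree is walked only when "packages" is absent.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === PACKAGE && isBefore(meta.version, FIXED)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + '/');
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/pdfinfojs': { version: '0.4.1' },
  'node_modules/report-tool/node_modules/pdfinfojs': { version: '0.3.6' } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'report-tool': { version: '2.0.0', dependencies: { pdfinfojs: { version: '0.4.0' } } } } };
console.log(findAffected(sampleV3), findAffected(sampleV1));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findAffected`.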
github.com/advisories/GHSA-3pxp-6963-46r9
github.com/fagbokforlaget/pdfinfojs/commit/5cc59cd8aa13ca8d16bb41da8affdfef370ad4fd
hackerone.com/reports/330957
nvd.nist.gov/vuln/detail/CVE-2018-3746
www.npmjs.com/advisories/643