EPSS
Percentile
72.4%
pdfinfojs is vulnerable to command injections. The application does not parse the filename parameter, allowing a malicious user to inject and execute arbitrary commands.
github.com/fagbokforlaget/pdfinfojs/commit/5cc59cd8aa13ca8d16bb41da8affdfef370ad4fd
hackerone.com/reports/330957