CVE-2020-8132
Published 2020-02-28
CVE-2020-8132: Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on…
Priority: P354 · critical 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.99% (78.2th percentile)
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pdf-image_project | pdf-image | <= 2.0.0 | — |
| pdf-image_project | pdf-image | — | — |
| pdf-image_project | pdf-image | 0 – 2.0.0 | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
OSV
Improper Input Validation and Code Injection in pdf-image
osv·2021-05-10
CVE-2020-8132 [HIGH] Improper Input Validation and Code Injection in pdf-image
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
GHSA
Improper Input Validation and Code Injection in pdf-image
ghsa·2021-05-10
CVE-2020-8132 [HIGH] CWE-20 Improper Input Validation and Code Injection in pdf-image
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-02-28