What the vulnerability does

01 Description

Lack of input validation in the pdf-image npm package, versions <= 2.0.0, may allow an attacker to run arbitrary code if the PDF file path is constructed from untrusted user input.
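
One way for a calling application to guard against this, as an added example that is not part of this record or of the pdf-image project: check an untrusted file name against an allow-list before any path built from it reaches a PDF conversion library. `UPLOAD_DIR`, `safePdfPath`, `convertFirstPage` and the `convert` callback are hypothetical names, and the example assumes uploads live in a single server-controlled directory.

```javascript
// Added example: allow-list gate for an untrusted PDF file name.
// All names here are hypothetical; nothing below is pdf-image's own API.

// Assumption: every uploaded PDF is stored in one directory the server controls.
const UPLOAD_DIR = "/srv/app/uploads";

// Accept only a bare file name: starts with a letter or digit, continues with
// letters, digits, dot, underscore or hyphen, ends in ".pdf" (any case).
// Slashes, whitespace, quotes and every other character are rejected, so the
// result can neither leave UPLOAD_DIR nor carry anything but a plain name.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.pdf$/i;

function safePdfPath(untrustedName) {
  if (typeof untrustedName !== "string") {
    throw new TypeError("file name must be a string");
  }
  if (!SAFE_NAME.test(untrustedName)) {
    // Reject instead of trying to strip or escape bad characters:
    // sanitising in place is easy to get subtly wrong.
    throw new Error("rejected file name");
  }
  return UPLOAD_DIR + "/" + untrustedName;
}

// Gate in front of the conversion step. `convert` stands in for whatever
// function hands the path to the PDF library; it is only ever called with
// a path that passed validation.
function convertFirstPage(untrustedName, convert) {
  const pdfPath = safePdfPath(untrustedName); // throws before convert runs
  return convert(pdfPath);
}

// Constructed sample inputs, for running the file directly.
for (const name of ["report-2020.pdf", "../secret.pdf", "a b.pdf", "x.png"]) {
  try {
    console.log("accepted:", convertFirstPage(name, (p) => p));
  } catch (err) {
    console.log("rejected:", JSON.stringify(name), "-", err.message);
  }
}
```

Validation of this kind limits what a caller passes in; it does not change the behaviour of an affected package version.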

Key dates

02 Disclosure timeline

February 28, 2020: CVE published
August 4, 2024: Record updated