CVE-2023-26155

CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.

Source: CVE-2023-26155

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다