CVE-2023-26155

CVSS V2 None CVSS V3 None
Description
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.
Overview
  • CVE ID
  • CVE-2023-26155
  • Assigner
  • snyk
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-10-14T05:00:00.965Z
  • Last Modified Date
  • 2023-10-14T05:00:00.965Z
History
Created Old Value New Value Data Type Notes
2024-06-24 23:22:53 Added to TrackCVE