Headline
CVE-2020-28433: Snyk Vulnerability Database | Snyk
This affects all versions of package node-latex-pdf.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications
snyk-id
SNYK-JS-NODELATEXPDF-1050426
published
21 Jan 2021
disclosed
11 Dec 2020
credit
JHU System Security Lab
How to fix?
There is no fixed version for node-latex-pdf.
Overview
node-latex-pdf is a package that converts your latex files to pdf format.
Affected versions of this package are vulnerable to Command Injection.
PoC
var a =require("node-latex-pdf");
a("./","& touch JHU",function(){})Related news
GHSA-32fw-9wq8-9x9c: node-latex-pdf is susceptible to command injection
A command injection vulnerability affects all versions of the package node-latex-pdf.