Security
Headlines

Headlines Latest CVEs

Headline

GHSA-fpr8-4wvx-j9q3: node-qpdf vulnerable to command injection

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.

1 year ago

node-qpdf vulnerable to command injection

High severity GitHub Reviewed Published Oct 14, 2023 to the GitHub Advisory Database • Updated Oct 17, 2023

Related news

CVE-2023-26155: Potential command injection vulnerability in node-qpdf · Issue #23 · nrhirani/node-qpdf

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.

1 year ago

#vulnerability #rce #pdf

ghsa: Latest News

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

16 hours ago

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

18 hours ago

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

19 hours ago

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

19 hours ago

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

19 hours ago