High severity · NVD Advisory · Published Oct 14, 2023 · Updated Sep 17, 2024
CVE-2023-26155
Description
All versions of the package node-qpdf are vulnerable to command injection: the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input PDF file path.
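One way a wrapper around the qpdf command line can avoid this class of bug, as an added example (not node-qpdf's code and not a published patch): the file path is confined to an allowed directory and handed to `execFile` as a single argv element, so no shell ever parses it. `PDF_ROOT`, `safePdfPath`, `buildEncryptArgs` and `encryptPdf` are hypothetical names, and the upload directory and 256-bit default are assumptions.

```javascript
// Added example: hardened wrapper pattern, not node-qpdf's own code.
const { execFile } = require('node:child_process');
const path = require('node:path');

// Hypothetical directory the application is allowed to read and write PDFs in.
const PDF_ROOT = path.resolve('/srv/app/uploads');

// Resolve a caller-supplied path and reject anything outside the allowed root.
function safePdfPath(userPath, root = PDF_ROOT) {
  if (typeof userPath !== 'string' || userPath.length === 0 || userPath.includes('\0')) {
    throw new TypeError('path must be a non-empty string without NUL bytes');
  }
  const resolved = path.resolve(root, userPath);
  if (!resolved.startsWith(root + path.sep)) {
    throw new RangeError('path escapes the allowed directory');
  }
  if (path.extname(resolved).toLowerCase() !== '.pdf') {
    throw new RangeError('only .pdf files are accepted');
  }
  return resolved; // absolute, so a leading "-" cannot be read as an option
}

// Build the argument vector: each value is one argv element, never shell text.
function buildEncryptArgs(input, output, password, keyLength = 256) {
  if (![40, 128, 256].includes(keyLength)) throw new RangeError('bad key length');
  if (typeof password !== 'string' || password.includes('\0')) {
    throw new TypeError('password must be a string without NUL bytes');
  }
  // qpdf syntax: --encrypt user-password owner-password key-length -- infile outfile
  return ['--encrypt', password, password, String(keyLength), '--',
          safePdfPath(input), safePdfPath(output)];
}

// execFile starts qpdf directly, without a shell, so characters such as
// ; | ` $( ) inside a file name stay literal bytes of that one argument.
function encryptPdf(input, output, password, callback) {
  execFile('qpdf', buildEncryptArgs(input, output, password),
           { timeout: 30000 }, callback);
}
```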
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| node-qpdf (npm) | <= 1.0.3 | — |
Affected products (2)
- node-qpdf/node-qpdf