CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.9%

CVSS Severity

CVSS v3 Score 7.3

References

https://github.com/nrhirani/node-qpdf/issues/23
https://security.snyk.io/vuln/SNYK-JS-NODEQPDF-5747918
https://github.com/nrhirani/node-qpdf/issues/23
https://security.snyk.io/vuln/SNYK-JS-NODEQPDF-5747918

Products affected by CVE-2023-26155

Nrhirani » Node-Qpdf » Version: N/A

cpe:2.3:a:nrhirani:node-qpdf:-
Nrhirani » Node-Qpdf » Version: 1.0.0

cpe:2.3:a:nrhirani:node-qpdf:1.0.0
Nrhirani » Node-Qpdf » Version: 1.0.1

cpe:2.3:a:nrhirani:node-qpdf:1.0.1
Nrhirani » Node-Qpdf » Version: 1.0.2

cpe:2.3:a:nrhirani:node-qpdf:1.0.2
Nrhirani » Node-Qpdf » Version: 1.0.3

cpe:2.3:a:nrhirani:node-qpdf:1.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-26155

Products

Pricing

Contact Us