CVE-2016-4991 (nodepdf) | allinfosecnews.com

July 28, 2022, 5:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0.

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months, 1 week ago | web.nvd.nist.gov

attackers cve denial of service issue +1

CVE-2023-40101 (android) 6 months, 1 week ago | web.nvd.nist.gov

android check collapse cve +7

CVE-2023-21377 (android) 6 months, 1 week ago | web.nvd.nist.gov

android bypass cve disclosure +8

CVE-2023-21380 (android) 6 months, 1 week ago | web.nvd.nist.gov

android bluetooth buffer buffer overflow +9

CVE-2023-21382 (android) 6 months, 1 week ago | web.nvd.nist.gov

access android check cve +11

CVE-2023-21381 (android) 6 months, 1 week ago | web.nvd.nist.gov

android arbitrary code code code execution +10

CVE-2023-21385 (android) 6 months, 1 week ago | web.nvd.nist.gov

android corruption cve disclosure +7

CVE-2023-21387 (android) 6 months, 1 week ago | web.nvd.nist.gov

android backup bypass cve +11

CVE-2023-21389 (android) 6 months, 1 week ago | web.nvd.nist.gov

android bypass check cve +10

Senior PAM Security Engineer

@ Experian | Hyderabad, India

View on infosec-jobs.com

Cybersecurity Analyst II

@ Spry Methods | Washington, DC (Hybrid)

View on infosec-jobs.com

Cyber Security Engineer

@ Expleo | Gothenburg, AC, Sweden

View on infosec-jobs.com

Cybersecurity – Information System Security Manager (ISSM)

@ Boeing | USA - Albuquerque, NM

View on infosec-jobs.com

Senior Security Engineer - Canada

@ DataVisor | Ontario, Canada - Remote

View on infosec-jobs.com

Cybersecurity Architect

@ HARMAN International | JP Tokyo 3-5-7 Ariake Koto-ku

View on infosec-jobs.com