Pdfkit V0 — 8.6 Exploit ((new))

The exploit occurs because the library fails to properly escape the URL before including it in the system shell command. For example, if an application code looks like:

: Ensure all user-provided URLs are strictly validated and sanitized before being processed by any PDF generation library. pdfkit v0 8.6 exploit

Consider a Node.js application that allows a user to specify a website URL to turn into a PDF report. A malicious actor provides the following input instead of a real URL: The exploit occurs because the library fails to