: If shell-escape is enabled, an attacker can run system commands like \write18{ls -la} to list files on the server.

Most people think of LaTeX as a harmless tool for making math homework look pretty. In reality, it is a powerful programming language. If a website takes user input to generate a PDF (like a resume builder or invoice generator) without cleaning that input, an attacker can "inject" commands. 🛡️ Common Attack Vectors

If you're building an app that handles LaTeX, consider these defensive steps:

: Using \input{/etc/passwd} to trick the server into printing the contents of its system files directly into a PDF.

: Using packages like listings to fetch internal files or hit internal network URLs. 🛠️ How to Stay Safe

About Hey Grill, Hey

Susie Bulloch founded Hey Grill Hey in 2015 with one desire: To help people make better BBQ. To date she has created over 550 recipes that millions of people cook every month, making Hey Grill Hey a name synonymous with amazing BBQ. Susie and her husband Todd run a family business that includes a line of signature BBQ rubs, sauces, and gadgets.

Get to know our team

Check us out on social media

Popular Recipes

Latex Injection 51-73.zip Apr 2026

: If shell-escape is enabled, an attacker can run system commands like \write18{ls -la} to list files on the server.

If you're building an app that handles LaTeX, consider these defensive steps: : If shell-escape is enabled, an attacker can

: Using \input{/etc/passwd} to trick the server into printing the contents of its system files directly into a PDF. If a website takes user input to generate

: Using packages like listings to fetch internal files or hit internal network URLs. 🛠️ How to Stay Safe

Pork

New Recipes

Everything Else