Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:18 a.m.12 views

CVE-2024-34342

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

7.1CVSS6.4AI score0.01064EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/05/07 4:48 p.m.9 views

719component (>=1.1.1 <=1.1.6), @21st-night/analytics-web (>=0.65.0 <=0.79.0) +902 more potentially affected by CVE-2024-34342 via react-pdf (>=0.0.10 <=7.7.1)

react-pdf NPM version =0.0.10, =1.1.1, =0.65.0, =0.67.0, =0.53.0, =0.53.0, =0.53.0, =0.53.0, =0.34.0, =0.49.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.48.8 and more Source cves: CVE-2024-34342 Source advisory: OSV:GHSA-87HQ-Q4GP-9WR4...

7.1CVSS7AI score0.01064EPSS
Exploits1
OSV
OSV
added 2024/05/07 2:29 p.m.70 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

7.1CVSS6.6AI score0.01064EPSS
Exploits1References8
CVE
CVE
added 2024/05/07 2:29 p.m.264 views

CVE-2024-34342

This CVE affects the react-pdf library (PDF.js integration). When PDF.js loads a malicious PDF and isEvalSupported is true (default), attacker-controlled JavaScript can run in the hosting domain’s context. The vulnerability is fixed in PDF.js when updated to versions 7.7.3 or 8.0.2, and react-pdf...

7.1CVSS6.3AI score0.01064EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/05/07 2:29 p.m.124 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

7.1CVSS6.9AI score0.01064EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/05/07 2:29 p.m.35 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

7.1CVSS6.7AI score0.01064EPSS
Exploits1References6
Rows per page
Query Builder