6 matches found
CVE-2024-34342
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
719component (>=1.1.1 <=1.1.6), @21st-night/analytics-web (>=0.65.0 <=0.79.0) +902 more potentially affected by CVE-2024-34342 via react-pdf (>=0.0.10 <=7.7.1)
react-pdf NPM version =0.0.10, =1.1.1, =0.65.0, =0.67.0, =0.53.0, =0.53.0, =0.53.0, =0.53.0, =0.34.0, =0.49.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.48.8 and more Source cves: CVE-2024-34342 Source advisory: OSV:GHSA-87HQ-Q4GP-9WR4...
CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
CVE-2024-34342
This CVE affects the react-pdf library (PDF.js integration). When PDF.js loads a malicious PDF and isEvalSupported is true (default), attacker-controlled JavaScript can run in the hosting domain’s context. The vulnerability is fixed in PDF.js when updated to versions 7.7.3 or 8.0.2, and react-pdf...
CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...