7.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.4%
pdfjs-dist is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the default setting isEvalSupported set to true, which allows unrestricted execution of attacker-controlled JavaScript within the hosting domain context.
isEvalSupported