Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:46793
HistoryMay 08, 2024 - 4:43 a.m.

Remote Code Execution (RCE)

2024-05-0804:43:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
120
pdfjs-dist
vulnerability
remote code execution
rce
default setting
isevalsupported

AI Score

7.8

Confidence

High

EPSS

0

Percentile

10.3%

pdfjs-dist is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the default setting isEvalSupported set to true, which allows unrestricted execution of attacker-controlled JavaScript within the hosting domain context.