pdfjs-dist is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the default setting isEvalSupported
set to true, which allows unrestricted execution of attacker-controlled JavaScript within the hosting domain context.
AI Score
Confidence
EPSS
Percentile
10.3%