exploitDog

CVE-2024-1648

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

electron-pdf version 20.0.0 allows an external attacker to remotely obtain

arbitrary local files. This is possible because the application does not

validate the HTML content entered by the user.

Ссылки

https://fluidattacks.com/advisories/drake
Exploit
Third Party Advisory
https://www.npmjs.com/package/electron-pdf/
Product
https://fluidattacks.com/advisories/drake
Exploit
Third Party Advisory
https://www.npmjs.com/package/electron-pdf/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fraserxu:electron-pdf:20.0.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 40%

0.00183

Низкий

7.5 High

CVSS3

Дефекты

CWE-79

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3jcv-5f9p-2f2p

CVSS3: 7.5

github

почти 2 года назад

Cross-site Scripting in electron-pdf

EPSS

Процентиль: 40%

0.00183

Низкий

7.5 High

CVSS3

Дефекты

CWE-79

NVD-CWE-noinfo