CVE-2024-25180

Опубликовано: 29 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.

Ссылки

https://github.com/bpampuch/pdfmake/issues/2702
Issue Tracking
https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md
Broken Link
https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-6347243
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=QcOlrWUGo6o
Exploit
https://github.com/bpampuch/pdfmake/issues/2702
Issue Tracking
https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md
Broken Link
https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-6347243
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=QcOlrWUGo6o
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pdfmake_project:pdfmake:0.2.9:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00428

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-3wcf-84jq-4rxx