Описание
pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1.
EPSS
Процентиль: 2%
0.00013
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
7 месяцев назад
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation
EPSS
Процентиль: 2%
0.00013
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79