Count: 2
CVE-2024-34342
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
GHSA-87hq-q4gp-9wr4
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2024-34342 react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2. | CVSS3: 7.1 | 5% Low | almost 2 years ago |
| GHSA-87hq-q4gp-9wr4 react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js | CVSS3: 7.1 | 5% Low | almost 2 years ago |