Skip to content

Venerability in the PDFJS-Dist & Latest PDFJS Dist is not supported #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
shaangidwani opened this issue Apr 4, 2025 · 2 comments
Open

Venerability in the PDFJS-Dist & Latest PDFJS Dist is not supported #107

shaangidwani opened this issue Apr 4, 2025 · 2 comments

Comments

@shaangidwani
Copy link

Hi Team,

There is Venerability in the PDFJS-Dist.

CVE Code: CVE-2024-4367

CVE-2024-4367 is a critical vulnerability in the PDF.js library, which is used for rendering PDF files in web browsers. This vulnerability allows attackers to inject and execute arbitrary JavaScript code within a user’s browser, leading to a Cross-Site Scripting (XSS) attack.

Vulnerability: Arbitrary JavaScript execution when a malicious PDF file is opened.

To fix this vulnerability, we need to upgrade the latest version of PDFJS-DIst, which is currently not supported by react-pdf-viewer.

Please fix this and make it compatible with a newer version of PDFJS-Dist.

Please let me know if you have any questions about this. I would appreciate your help.
@shaangidwani
Copy link
Author

Any updates on this? Please help to fix this issue. We are stuck here.

1 similar comment
@shaangidwani
Copy link
Author

Any updates on this? Please help to fix this issue. We are stuck here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shaangidwani