Vulnerability in the PDFJS-Dist & Latest PDFJS Dist is not supported

Open shaangidwani opened this issue 7 months ago • 2 comments

Hi Team,

There is a vulnerability in the PDFJS-Dist.

CVE Code: CVE-2024-4367

CVE-2024-4367 is a critical vulnerability in the PDF.js library, which is used for rendering PDF files in web browsers. This vulnerability allows attackers to inject and execute arbitrary JavaScript code within a user’s browser, leading to a Cross-Site Scripting (XSS) attack.

Vulnerability: Arbitrary JavaScript execution when a malicious PDF file is opened.

To fix this vulnerability, we need to upgrade to the latest version of PDFJS-Dist, which is currently not supported by react-pdf-viewer.

Please fix this and make it compatible with a newer version of PDFJS-Dist.

Please let me know if you have any questions about this. I would appreciate your help.

shaangidwani Apr 04 '25 14:04

Any updates on this? Please help to fix this issue. We are stuck here.

shaangidwani Apr 08 '25 09:04

Any updates on this? Please help to fix this issue. We are stuck here.

shaangidwani Apr 10 '25 06:04