universalviewer icon indicating copy to clipboard operation
universalviewer copied to clipboard
verified publisher icon UniversalViewer

Upgrade to [email protected] to mitigate vulnerability

Open darrowcousc opened this issue 5 years ago • 2 comments

UV version:

 [email protected]

I'm submitting a:

  • [x] bug report
  • [ ] feature request => please use the user stories repo
  • [ ] support request => Please do not submit support requests here, use stackoverflow

Current behavior:

Vulnerability description: CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer PDF Viewer will run code from PDF files, missing validation for /Domain and /Range parameters

Expected behavior:

Updated module

Steps to reproduce:

Related code:

// insert any relevant code here

Other information:

darrowcousc avatar May 07 '20 23:05 darrowcousc

All issues will be triaged for further investigation or closure by the 28 September 2023. If your issue is still relevant and would like for it be investigated further please comment by 14 September 2023.

LlGC-szw avatar Aug 25 '23 11:08 LlGC-szw

@edsilv, this seems worth doing and is hopefully not difficult.

demiankatz avatar Sep 28 '23 15:09 demiankatz