org.webjars.npm:pdfjs-dist@1.5.389 vulnerabilities
-
latest version
4.2.67
-
latest non vulnerable version
-
first published
8 years ago
-
latest version published
a month ago
-
licenses detected
- [1.0.1040,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm:pdfjs-dist package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.webjars.npm:pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Arbitrary Code Injection in How to fix Arbitrary Code Injection? Upgrade |
[,4.2.67)
|
org.webjars.npm:pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. How to fix Cross-site Scripting (XSS)? Upgrade |
[,2.0.943)
|