pdfjs-dist@1.1.373 vulnerabilities
Generic build of Mozilla's PDF.js library.
-
latest version
4.8.69
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
25 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the pdfjs-dist package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Arbitrary Code Injection in How to fix Arbitrary Code Injection? Upgrade |
<4.2.67
|
pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. How to fix Cross-site Scripting (XSS)? Upgrade |
<2.0.943
|