CVE-2024-34342

Published May 7th, 2024

View on NVD ↗

CVSS v3

7.1

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.

wojtekmaj/react-pdf

Display PDFs in your React app as easily as if they were images.

GitHub

11.1K

mozilla/pdf.js

PDF Reader in JavaScript

GitHub

53.4K