CVE-2024-34342
PUBLISHED
CVSS 7.1 HIGH
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
EPSS 4.89% · 89.7th percentile
Risk Scores
CVSS v3.1: 7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
EPSS Score: 4.89% (89.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wojtekmaj | react-pdf | < 7.7.3, >= 8.0.0, < 8.0.2 |
| npm | react-pdf | 0, 8.0.0 |
| pdf.js_viewer_project | pdf.js_viewer | < 7.7.3, >= 8.0.0, < 8.0.2 |
Timeline
- Jan 20, 1970 Fix PR Merged
- Jan 21, 1970 Security Advisory
- May 7, 2024 CVE Published
- May 8, 2024 EPSS Score
- May 22, 2024 PoC Published
- Jun 26, 2024 EPSS Score
- Aug 13, 2024 EPSS Score
- Sep 7, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 25, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Jan 30, 2025 EPSS Score
References
- https://github.com/wojtekmaj/react-pdf/security/advisories/GHSA-87hq-q4gp-9wr4
- https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq
- https://github.com/mozilla/pdf.js/pull/18015
- https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6
- https://github.com/wojtekmaj/react-pdf/commit/208f28dd47fe38c33ce4bac4205b2b0a0bb207fe
- https://github.com/wojtekmaj/react-pdf/commit/671e6eaa2e373e404040c13cc6b668fe39839cad
- https://nvd.nist.gov/vuln/detail/CVE-2024-34342 (advisory)
- https://github.com/wojtekmaj/react-pdf (package)