Wojciech Maj

2 exploits Active since May 2024
CVE-2024-34342 WRITEUP HIGH WRITEUP
react-pdf <7.7.3 and 8.0.0-8.0.2 - PDF.js JavaScript Execution
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
CVSS 7.1
CVE-2024-34342 WRITEUP HIGH WRITEUP
react-pdf <7.7.3 and 8.0.0-8.0.2 - PDF.js JavaScript Execution
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
CVSS 7.1