pdfjs-dist@2.0.489 vulnerabilities

Generic build of Mozilla's PDF.js library.

latest version

4.1.392
latest non vulnerable version

4.1.392
first published

10 years ago
latest version published

12 days ago
licenses detected
- Apache-2.0
  >=0
View pdfjs-dist package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pdfjs-dist package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS) pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. How to fix Cross-site Scripting (XSS)? Upgrade `pdfjs-dist` to version 2.0.943 or higher.	<2.0.943

Cross-site Scripting (XSS)

pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

How to fix Cross-site Scripting (XSS)?

Upgrade pdfjs-dist to version 2.0.943 or higher.

<2.0.943

Go back to all versions of this package

pdfjs-dist@2.0.489 vulnerabilities

Generic build of Mozilla's PDF.js library.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities