We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pdfjs-dist has a high level, arbitrary code injection vulnerability for versions <= 4.1.392. react-pdf is still using a 3.x.x version.
pdfjs-dist
I can see that the isEvalSupported option has been set to false in the 8.0.2 release, which stops the vun from being possible, but for ci pipelines that use a tool like docker scout, it will fail deployments regardless.
isEvalSupported
Update pdfjs-dist to 4.2.67
The alternative has already been implemented, which is fine for users who don't give a hoot about security.
No response
The text was updated successfully, but these errors were encountered:
Duplicate of #1664
Sorry, something went wrong.
No branches or pull requests
Before you start - checklist
Description
pdfjs-disthas a high level, arbitrary code injection vulnerability for versions <= 4.1.392. react-pdf is still using a 3.x.x version.I can see that the
isEvalSupportedoption has been set to false in the 8.0.2 release, which stops the vun from being possible, but for ci pipelines that use a tool like docker scout, it will fail deployments regardless.Proposed solution
Update pdfjs-dist to 4.2.67
Alternatives
The alternative has already been implemented, which is fine for users who don't give a hoot about security.
Additional information
No response
The text was updated successfully, but these errors were encountered: