CVE-2024-34342

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34342
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34342.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-34342
Published
2024-05-07T15:15:09Z
Modified
2024-10-12T11:24:19.680811Z
Summary
[none]
Details

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.

Affected packages

Git / github.com/mozilla/pdf.js

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/pdf.js
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/wojtekmaj/react-pdf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.277

milestone-0.*

milestone-0.2

v0.*

v0.1.0
v0.3.459
v0.4.11
v0.5.5
v0.8.1181
v0.8.1334

v1.*

v1.0.0
v1.0.1
v1.0.1040
v1.0.1149
v1.0.2
v1.0.21
v1.0.277
v1.0.403
v1.0.473
v1.0.68
v1.0.712
v1.0.907
v1.1.0
v1.1.1
v1.1.114
v1.1.215
v1.1.3
v1.1.366
v1.1.469
v1.10.88
v1.2.0
v1.2.109
v1.3.0
v1.3.1
v1.3.2
v1.3.88
v1.4.0
v1.4.11
v1.4.20
v1.5.0
v1.5.1
v1.5.188
v1.6.0
v1.6.1
v1.6.210
v1.7.0
v1.7.225
v1.8.0
v1.8.1
v1.8.170
v1.8.188
v1.8.2
v1.8.3
v1.9.426
v1.x

v2.*

v2.0.0
v2.0.0-alpha
v2.0.0-alpha.1
v2.0.0-alpha.2
v2.0.0-alpha.3
v2.0.0-alpha.4
v2.0.0-alpha.5
v2.0.0-alpha.6
v2.0.0-alpha.7
v2.0.0-beta
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-beta.5
v2.0.943
v2.1.0
v2.1.1
v2.1.2
v2.1.266
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.10.377
v2.11.338
v2.12.313
v2.13.216
v2.14.305
v2.15.349
v2.16.105
v2.2.0
v2.2.0-beta
v2.2.0-beta.2
v2.2.0-beta.3
v2.2.228
v2.3.0
v2.3.200
v2.4.0
v2.4.1
v2.4.2
v2.4.456
v2.5.0
v2.5.1
v2.5.2
v2.5.207
v2.6.347
v2.7.570
v2.8.335
v2.9.359

v3.*

v3.0.0
v3.0.0-alpha
v3.0.0-alpha.2
v3.0.0-alpha.3
v3.0.0-alpha.4
v3.0.0-beta
v3.0.1
v3.0.2
v3.0.279
v3.0.3
v3.0.4
v3.1.81
v3.10.111
v3.11.174
v3.2.146
v3.3.122
v3.4.120
v3.5.141
v3.6.172
v3.7.107
v3.8.162
v3.9.179

v4.*

v4.0.0
v4.0.0-beta
v4.0.0-beta.2
v4.0.0-beta.3
v4.0.0-beta.4
v4.0.0-beta.5
v4.0.0-beta.6
v4.0.1
v4.0.189
v4.0.2
v4.0.269
v4.0.3
v4.0.379
v4.0.4
v4.0.5
v4.1.0
v4.1.392
v4.2.0
v4.x

v5.*

v5.0.0
v5.0.0-beta
v5.0.0-beta.2
v5.0.0-beta.3
v5.0.0-beta.4
v5.0.0-beta.5
v5.1.0
v5.1.0-beta
v5.2.0
v5.3.0
v5.3.1
v5.3.2
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.7.2
v5.x

v6.*

v6.0.0
v6.0.0-beta
v6.0.0-beta.2
v6.0.0-beta.3
v6.0.0-beta.4
v6.0.0-beta.5
v6.0.0-beta.6
v6.0.1
v6.0.2
v6.0.3
v6.1.0
v6.1.1
v6.2.0
v6.2.1
v6.2.2
v6.x

v7.*

v7.0.0
v7.0.0-beta
v7.0.0-beta.2
v7.0.0-beta.3
v7.0.0-beta.4
v7.0.1
v7.0.2
v7.0.3
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.2.0
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v7.4.0
v7.5.0
v7.5.1
v7.6.0
v7.7.0
v7.7.1

v8.*

v8.0.0
v8.0.1

Other

vundefined