React-pdf package security update advisory
Overview
We have released an update to address a vulnerability in the react-pdf package. Users of affected versions are advised to update to the latest version.
Affected Products
react-pdf
- 7.7.2 and earlier (inclusive)
- 8.0.0 (inclusive) to 8.0.1 (inclusive)
Resolved Vulnerabilities
When a malicious PDF is loaded through PDF.js and PDF.js is configured with `isEvalSupported` set to `true`, attacker-controlled JavaScript is executed in the context of the hosting domain (CVE-2024-34342)
Vulnerability Patches
Patches for this vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.
react-pdf versions 7.7.3 and 8.0.2
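To check a project against the affected and fixed versions listed above, the following added example (not part of the original advisory or the react-pdf project) scans the `packages` map of an npm lockfile for every installed copy of react-pdf, including nested ones. The sample lockfile, the `legacy-viewer` package and all function names are constructed for illustration.

```javascript
// Affected ranges from the advisory: 7.7.2 and earlier, and 8.0.0 through 8.0.1.
// Fixed versions from the advisory: 7.7.3 and 8.0.2.

// Parse "major.minor.patch"; a pre-release suffix is ignored, so a pre-release
// is judged as its base version (an assumption of this example).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) throw new Error(`unparseable version: ${version}`);
  if (compare(v, [7, 7, 2]) <= 0) return true;
  return compare(v, [8, 0, 0]) >= 0 && compare(v, [8, 0, 1]) <= 0;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and
// report each affected react-pdf copy with the fixed version for its line.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/react-pdf") || !meta.version) continue;
    if (!isAffected(meta.version)) continue;
    const fix = parseVersion(meta.version)[0] >= 8 ? "8.0.2" : "7.7.3";
    hits.push({ path, version: meta.version, fix });
  }
  return hits;
}

// Constructed lockfile fragment: a patched top-level copy, an affected nested
// copy, and a differently named package that must not match.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react-pdf": { version: "8.0.2" },
    "node_modules/legacy-viewer/node_modules/react-pdf": { version: "7.7.2" },
    "node_modules/@react-pdf/renderer": { version: "3.4.0" },
  },
};

console.log(findAffected(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `findAffected` in place of the sample object.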
Referenced Sites
[1] CVE-2024-34342 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-34342
[2] PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
https://github.com/wojtekmaj/react-pdf/security/advisories/GHSA-87hq-q4gp-9wr4