← voltar
CVE-2022-46161

Code injection in pdfmake

CVSS 10 CRITICALEPSS 1.6%CWE-94
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 1.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 dez 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
bpampuch · pdfmake

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →