ГлавнаяУязвимости → CVE-2024-1648
7.5высокая

CVE-2024-1648

Описание

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

Затрагиваемое ПО
Fraserxu Electron-pdf
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://fluidattacks.com/advisories/drakehttps://www.npmjs.com/package/electron-pdf/https://fluidattacks.com/advisories/drakehttps://www.npmjs.com/package/electron-pdf/