MidnightBSD

Advisories for fraserxu

CVE-2024-1648

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
help@fluidattacks.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
fraserxu electron-pdf 20.0.0