Venerability in the PDFJS-Dist & Latest PDFJS Dist is not supported

[shaangidwani]

Hi Team,

There is Venerability in the PDFJS-Dist.

CVE Code: CVE-2024-4367

CVE-2024-4367 is a critical vulnerability in the PDF.js library, which is used for rendering PDF files in web browsers. This vulnerability allows attackers to inject and execute arbitrary JavaScript code within a user’s browser, leading to a Cross-Site Scripting (XSS) attack.

Vulnerability: Arbitrary JavaScript execution when a malicious PDF file is opened.

To fix this vulnerability, we need to upgrade the latest version of PDFJS-DIst, which is currently not supported by react-pdf-viewer.

Please fix this and make it compatible with a newer version of PDFJS-Dist.

Please let me know if you have any questions about this. I would appreciate your help.

[shaangidwani]

Any updates on this? Please help to fix this issue. We are stuck here.

[shaangidwani]

Any updates on this? Please help to fix this issue. We are stuck here.

[rrostock1]

Are there plans to fix this? This is a high-severity vulnerability.