An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.
References
Configurations
No configuration.
History
21 Nov 2024, 09:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/bpampuch/pdfmake/issues/2702 - | |
References | () https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md - | |
References | () https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-6347243 - | |
References | () https://www.youtube.com/watch?v=QcOlrWUGo6o - |
26 Aug 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
01 May 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | |
References |
|
19 Apr 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2024, 14:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Feb 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-29 18:15
Updated : 2024-11-21 09:00
NVD link : CVE-2024-25180
Mitre link : CVE-2024-25180
CVE.ORG link : CVE-2024-25180
JSON object : View
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')