(Snyk Security Code Tool) Arbitrary Code Injection affecting package pdfjs-dist #1102
Comments
I also found that same vulnerability when running
|
Hello! Any solution to this? |
To get around this, I added the following to my package.json:
then in the consuming component I had to override the pdfWorkerSrc variable:
|
Thank you! But it doesn't compile when I do that. I have the version: and Any suggestions or something I'm missing? Thanks again! |
I suggest folks here read the release notes and relevant PRs. The security issue was closed, but the pdfjs package itself wasn’t updated all the way, so automated alerts like this won’t go away (perhaps they can be dismissed another way, I don’t know). This project is not currently compatible with pdfjs 4.x to my knowledge, so the security issue was closed by another valid published means. |
Bug Report or Feature Request (mark with an x)
Don't know if it is a "Bug report", but a few days ago, a kind of popular tool called "Snyk Security" (also a VS Code extension) raised an error about the ng2-pdf-viewer library.
When I hovered, it displayed this message: "Arbitrary Code Injection affecting package pdfjs-dist". I checked the generated report and it suggested to 'Upgrade pdfjs-dist to version 4.2.67 or higher.'
This is the URL of the full report
https://security.snyk.io/vuln/SNYK-JS-PDFJSDIST-6810403
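An added example, not part of the original issue or the project's code: a check that lists every copy of pdfjs-dist recorded in a package-lock.json, including copies nested under another package, and flags those below the 4.2.67 named in the Snyk report. It assumes the lockfile v2/v3 `packages` layout; the sample lockfile and its versions are constructed, and the function names are hypothetical.

```javascript
// Added example: flag every pdfjs-dist copy in a package-lock.json (v2/v3
// "packages" map) that is older than the version named in the Snyk report.
const FIXED = "4.2.67"; // floor quoted in the issue text

// Parse "major.minor.patch"; pre-release/build suffixes are ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison per component, so 4.10.x is not treated as below 4.2.x.
function isBelow(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  if (!a || !b) return true; // unparseable: report it rather than pass it
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{path, version}] for each installed copy below the floor,
// including copies nested under another package's node_modules.
function findOldPdfjs(lock, floor = FIXED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/pdfjs-dist$/.test(path)) continue;
    if (isBelow(meta.version, floor)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not from the issue).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/ng2-pdf-viewer": { version: "0.0.0-sample" },
    "node_modules/ng2-pdf-viewer/node_modules/pdfjs-dist": { version: "2.16.105" },
    "node_modules/pdfjs-dist": { version: "4.2.67" },
    "node_modules/other/node_modules/pdfjs-dist": { version: "4.10.38" },
  },
};

console.log(findOldPdfjs(sampleLock));
```

A version-only check like this one keeps reporting a nested copy even when a fix was shipped by other means, which is the situation the last comment above describes.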