Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-1532

[PDF.js] Analyze and fix CVE-2024-4367 with PDF.js

    XMLWordPrintable

    Details

    • Type: Epic
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web UI

      Description

      https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js

       

      PDF.js library is impacted by a security flaw.

      AC:

      • Identify if Web UI is impacted or not and mention it as a comment in this ticket.
        • If yes, list impacted versions of Web UI
        • If no, mention it and state why
      • Update PDF.js library to a version >= 4.2.67

        Attachments

          Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. WEBUI-1514 [May 2024] Security fixes for Web UI third-party libraries

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. WEBUI-1587 Prevent PDF preview to run malicious javascript

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: