Vulnerability Description
pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pdfmake | Pdfmake | <= 0.2.5 |
Related Weaknesses (CWE)
References
- https://github.com/bpampuch/pdfmake/blob/802813970ac6de68a0bd0931b74150b33da0dd1ExploitThird Party Advisory
- https://securitylab.github.com/advisories/GHSL-2022-068_pdfmake/ExploitThird Party Advisory
- https://github.com/bpampuch/pdfmake/blob/802813970ac6de68a0bd0931b74150b33da0dd1ExploitThird Party Advisory
- https://securitylab.github.com/advisories/GHSL-2022-068_pdfmake/ExploitThird Party Advisory
FAQ
What is CVE-2022-46161?
CVE-2022-46161 is a vulnerability with a CVSS score of 10.0 (CRITICAL). pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are...
How severe is CVE-2022-46161?
CVE-2022-46161 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-46161?
Check the references section above for vendor advisories and patch information. Affected products include: Pdfmake Pdfmake.