Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Security vulnerability in react-pdf@7.7.1 #250

Open
Ryanv030 opened this issue May 10, 2024 · 4 comments
Open

Security vulnerability in react-pdf@7.7.1 #250

Ryanv030 opened this issue May 10, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@Ryanv030
Copy link

Original vulnerability that affected react-pdf: GHSA-wgrm-67xf-hhpq

react-pdf fix: GHSA-87hq-q4gp-9wr4

Updating to react-pdf@7.7.3 will fix the issue.

Thanks!
@cyntler
Copy link
Owner

cyntler commented May 12, 2024

@Ryanv030 Try to use the latest version: https://github.com/cyntler/react-doc-viewer/releases/tag/v1.15.0. I updated the version.

@Ryanv030
Copy link
Author

Looks like that worked for fixing the security vulnerability, unfortunately we're still going to be getting flagged even though it's technically fixed.

The maintainer of react-pdf made a comment about his plans on fixing this in the future. (just in case you get more issues about this)

@cyntler cyntler added the bug Something isn't working label May 16, 2024
@xiaolongkipsi
Copy link

react-pdf is updated. Can it be upgraded so it won't get flagged?

@xiaolongkipsi
Copy link

xiaolongkipsi commented May 29, 2024
edited
Loading

9.0.0
https://github.com/wojtekmaj/react-pdf/releases

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cyntler @Ryanv030 @xiaolongkipsi