From b502f6a08fba3e061dbf2c78cd9d84589c60f5dd Mon Sep 17 00:00:00 2001
From: Abdullah Atta <abdullahatta@streetwriters.co>
Date: Thu, 30 May 2024 15:01:10 +0500
Subject: [PATCH] web: fix CVE-2024-4367

---
 apps/web/src/components/pdf-preview/index.tsx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/web/src/components/pdf-preview/index.tsx b/apps/web/src/components/pdf-preview/index.tsx
index 01b2961e8e..270f87d5b2 100644
--- a/apps/web/src/components/pdf-preview/index.tsx
+++ b/apps/web/src/components/pdf-preview/index.tsx
@@ -239,6 +239,10 @@ export function PdfPreview(props: PdfPreviewProps) {
         onZoom={(e) => {
           if (hash) setPDFConfig(hash, { scale: e.scale });
         }}
+        transformGetDocumentParams={(options) => {
+          (options as any).isEvalSupported = false;
+          return options;
+        }}
         // onDocumentAskPassword={(e) => {
         //   e.verifyPassword("failed");
         // }}