electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2024-02-20T00:01:50.680Z

Updated: 2024-08-01T18:48:21.883Z

Reserved: 2024-02-19T22:00:56.677Z

Link: CVE-2024-1648

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:21.883Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-20T01:15:07.943

Modified: 2024-11-21T08:51:00.050

Link: CVE-2024-1648

cve-icon Redhat

No data.