CVE-2022-46161

Source
https://cve.org/CVERecord?id=CVE-2022-46161
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46161.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46161
Published
2022-12-06T18:47:00.669Z
Modified
2026-04-10T04:52:57.213135Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Code injection in pdfmake
Details

pdfmake is an open source client/server-side PDF printing library written in pure JavaScript. Versions up to and including 0.2.5 contain an unsafe evaluation of user-controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input.

Database specific
{
    "cwe_ids": [
        "CWE-94"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46161.json"
}
Affected packages

Git / github.com/bpampuch/pdfmake

Affected ranges

Type
GIT
Repo
https://github.com/bpampuch/pdfmake
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.5"
        }
    ]
}

Affected versions

0.*
0.0.10
0.0.11
0.0.12
0.0.13
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.15
0.1.17
0.1.18
0.1.2
0.1.20
0.1.22
0.1.23
0.1.24
0.1.25
0.1.26
0.1.27
0.1.28
0.1.29
0.1.3
0.1.30
0.1.31
0.1.32
0.1.33
0.1.34
0.1.35
0.1.36
0.1.37
0.1.38
0.1.39
0.1.40
0.1.41
0.1.50
0.1.51
0.1.52
0.1.53
0.1.54
0.1.55
0.1.56
0.1.57
0.1.58
0.1.59
0.1.6
0.1.60
0.1.61
0.1.62
0.1.63
0.1.64
0.1.65
0.1.66
0.1.67
0.1.68
0.1.69
0.1.7
0.1.70
0.1.71
0.1.8
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46161.json"