CVE-2024-1648

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-1648

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1648.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-1648

Aliases

GHSA-3jcv-5f9p-2f2p

Published

2024-02-20T01:15:07.943Z

Modified

2026-03-14T12:30:40.430035Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

electron-pdf version 20.0.0 allows an external attacker to remotely obtain

arbitrary local files. This is possible because the application does not

validate the HTML content entered by the user.

References

Affected packages

Git / github.com/fraserxu/electron-pdf

Affected ranges

Type

GIT

Repo

https://github.com/fraserxu/electron-pdf

Events

Introduced

Last affected

f2f3b9c45645ef513be5c4ef9cfbaff37a4891a9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.0.0"
        }
    ]
}

Affected versions

v0.*

v0.10.0

v0.10.1

v0.13.0

v0.13.1

v0.4.0

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.1

v1.2.3

v1.2.4

v1.2.5

v10.*

v10.0.0

v10.0.1

v10.0.2

v15.*

v15.0.0

v20.*

v20.0.0

v4.*

v4.0.0

v4.0.1

v4.0.10

v4.0.2

v4.0.3

v4.0.5

v4.0.6

v4.0.7

v4.0.9

v7.*

v7.0.0

v7.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1648.json"