Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Withdrawn: Arbitrary Code Execution in static-eval #151

Open
Vinod-Telang1 opened this issue Oct 8, 2021 · 1 comment
Open

Withdrawn: Arbitrary Code Execution in static-eval #151

Vinod-Telang1 opened this issue Oct 8, 2021 · 1 comment

Comments

@Vinod-Telang1
Copy link

pdfmake ->SVG-to-PDFKit module having vulnerabilities with following error
Withdrawn: Arbitrary Code Execution in static-eval

pdf-make

Team can you please check this, its occurring with latest version SVG-to-PDFKit i.e 0.1.8

Ref issue: bpampuch/pdfmake#2342
@Vinod-Telang1 Vinod-Telang1 mentioned this issue Oct 8, 2021
Closed
@liborm85
Copy link

liborm85 commented Oct 8, 2021

pdfkit is defined in package.json, but is not used by svg-to-pdfkit:

SVG-to-PDFKit/package.json

Line 11 in f470052

"pdfkit": ">=0.8.1"

pdfkit dependency could be removed and that will solve this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@liborm85 @Vinod-Telang1