aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63285f61aaf4501a6660be7dfe98c70135c1b89b
vulhub/pdfjs/CVE-2024-4367/README.zh-cn.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

26 lines
603 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# PDF.js 任意JavaScript代码执行CVE-2024-4367
PDF.js是Mozilla推出的一款开源PDF文件阅读器。
其4.1.392版本及以前PDF.js中存在一处JavaScript代码注入漏洞。
参考链接:
- <https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/>
## 漏洞环境
执行如下命令启动一个使用了PDF.js 4.1.392的服务器:
```
docker compose up -d
```
服务启动后,访问`http://your-ip:8080`你可以看到一个上传页面。
## 漏洞复现
上传恶意PDF文件[poc.pdf](poc.pdf)即可触发XSS弹窗
![](1.png)
Reference in New Issue View Git Blame Copy Permalink