{"uuid": "e82f651e-5bb4-447d-bf8b-f03c103a0570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/218", "content": "CVE-2024-4367-Arbitrary JavaScript Execution in PDF.JS\n\n- Built -in ranger in Firefox\n-node.js module pdfjs-dist\n- Sites with PDF pre -examination\n- Applications on Electron.\n\nAnd a bunch of places where you can operate XSS or RCE (in the case of Electron under certain conditions), in PDF.js.\n\nPOC: https://github.com/lourc0d3/cve-2024-4367-poc\n\nRESPER: https://codeanlabs.com/blog/research/cve-2024-4367-arry-js-js-in-pdf-js\n\ud83d\udcda ZeroEthical Course \ud83d\udc8e", "creation_timestamp": "2024-05-26T23:10:20.000000Z"}