Pdfmake · Pdfmake · CVE-2022-46161
**Name of the Vulnerable Software and Affected Versions**
pdfmake versions up to and including 0.2.5
**Description**
pdfmake contains an unsafe evaluation of user-controlled input, which can lead to arbitrary code execution in the context of the process running the pdfmake code. Users are advised to restrict access to trusted user input.
**Recommendations**
For versions up to and including 0.2.5, restrict access to trusted user input as a temporary workaround to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.