CVE-2024-1648

Name of the Vulnerable Software and Affected Versions electron-pdf version 20.0.0

Description The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

Recommendations For electron-pdf version 20.0.0, consider disabling the HTML content validation bypass as a temporary workaround until a patch is available. Restrict access to sensitive local files to minimize the risk of exploitation. Avoid using the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.