Security vulnerabilities in PDF.js Express

Dependency-Check Report.pdf (443.9 KB)

PDF.js Express Version

Detailed description of issue
We are planning to use PDF.js Express but found some security vulnerabilities in it. (Please see the attached report). Can PDFTron resolve the reported issue so that we can get approval from our security department and use PDF.js Express in our website.

Expected behaviour
{Provide a screenshot or description of the expected behaviour}

Does your issue happen with every document, or just one?
{Answer here}

Link to document
please see the attached report for the list of vulnerabilitiesProcessing: dependency-check-report-PDFjsExpress.html…

Code snippet
{Provide a relevant code snippet}

Hello, I’m Ron, an automated tech support bot

While you wait for one of our customer support representatives to get back to you, please check out some of these documentation pages:

• Annotation samples for PDF.js Express
• Searching in PDF.js Express - Get started
• Browser support for PDF.js Express

• PDF.js Express Utilities
• ExpressUtils(optionsopt) - # async extract() → {Promise.}
• Adding a download button

• I cannot use PDF.JS Express to open a PDF file by url in a Vue Project, please help me figure out how is that happen
• Annotation goes non responsive(View only) if left still for a week
• Undefined is not a valid destination type

Hi Amit,

These dependencies appear to be used to generate our documentation files and are not used by the execution of the actual PDF.js Express WebViewer. What you can do is try deleting the folder /root/Downloads/pdfjsexpress/doc/* and see if that helps you pass your security tests. If this does not work for you let me know.

Cheers,
Dustin