npm

Severity: high

Use-After-Free

puppeteer

Overview

Versions of puppeteer prior to 1.13.0 are affected by a use-after-free vulnerability in Chromium (CVE-2019-5786). The flaw is in Chromium's FileReader API and may lead to remote code execution.

Remediation

Upgrade to version 1.13.0 or later.
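
One way to check a project against this advisory, as an added example that is not part of the advisory or of puppeteer: it scans a parsed package-lock.json for puppeteer entries below 1.13.0, including copies nested under other dependencies. The sample lockfile and the `pdf-tool` package name are constructed for illustration.

```javascript
// Added example: flags puppeteer entries below 1.13.0 in a parsed package-lock.json.
const FIXED = [1, 13, 0]; // first fixed version per the advisory

// Returns true if version < 1.13.0, false if >= 1.13.0, null if unparseable.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return null;
  const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease of 1.13.0 sorts before 1.13.0
}

// Walks both lockfile layouts: "packages" (lockfileVersion 2/3, keyed by path)
// and nested "dependencies" (lockfileVersion 1). Returns [{ path, version }].
// Entries whose version cannot be parsed are not flagged.
function findAffectedPuppeteer(lock) {
  const hits = new Map(); // keyed by install path, so both layouts dedupe
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path.split("node_modules/").pop() === "puppeteer" && isAffected(entry.version)) {
      hits.set(path, entry.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "puppeteer" && isAffected(entry.version)) hits.set(path, entry.version);
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...hits]
    .map(([path, version]) => ({ path, version }))
    .sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample (not from the advisory): a fixed top-level copy and an
// affected copy nested under a hypothetical "pdf-tool" dependency.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/puppeteer": { version: "1.13.0" },
    "node_modules/pdf-tool/node_modules/puppeteer": { version: "1.12.2" },
  },
  dependencies: {
    puppeteer: { version: "1.13.0" },
    "pdf-tool": { version: "0.1.0", dependencies: { puppeteer: { version: "1.12.2" } } },
  },
};
console.log(findAffectedPuppeteer(sampleLock));
```

To scan a real project, pass the result of `JSON.parse` on its package-lock.json to `findAffectedPuppeteer`.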

Advisory timeline

  1. Published: Advisory Published, Apr 19th, 2019
  2. Reported: Reported by Joel Griffith, Apr 19th, 2019