Nice Philanthropist Metalhead
    Severity: high

    Use-After-Free

    puppeteer

    Overview

    Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

    Remediation

    Upgrade to version 1.13.0 or later.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      Apr 19th, 2019
    2. reported

      Reported by Joel Griffith
      Apr 19th, 2019