puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.
Upgrade to version 1.13.0 or later.
publishedAdvisory PublishedApr 19th, 2019
reportedReported by Joel GriffithApr 19th, 2019