Overview
Versions of puppeteer
prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.
Remediation
Upgrade to version 1.13.0 or later.
Have content suggestions? Visit npmjs.com/support.
Advisory timeline
published
Advisory PublishedApr 19th, 2019reported
Reported by Joel GriffithApr 19th, 2019