{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T01:51:18.527","vulnerabilities":[{"cve":{"id":"CVE-2022-46161","sourceIdentifier":"security-advisories@github.com","published":"2022-12-06T19:15:10.520","lastModified":"2025-10-20T15:56:39.987","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input."},{"lang":"es","value":"pdfmake es una impresión de PDF del lado cliente/servidor de código abierto en JavaScript puro. En versiones hasta la 0.2.5 incluida, pdfmake contiene una evaluación insegura de la entrada controlada por el usuario. Por lo tanto, los usuarios de pdfmake están sujetos a la ejecución de código arbitrario en el contexto del proceso que ejecuta el código pdfmake. No se conocen soluciones para este problema. Se recomienda a los usuarios que restrinjan el acceso a las entradas de usuarios confiables."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pdfmake:pdfmake:*:*:*:*:*:*:*:*","versionEndIncluding":"0.2.5","matchCriteriaId":"E9C80B83-1EFE-4FB1-8E5F-DFDC0CED44E5"}]}]}],"references":[{"url":"https://github.com/bpampuch/pdfmake/blob/802813970ac6de68a0bd0931b74150b33da0dd18/dev-playground/server.js#L32","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2022-068_pdfmake/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/bpampuch/pdfmake/blob/802813970ac6de68a0bd0931b74150b33da0dd18/dev-playground/server.js#L32","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2022-068_pdfmake/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}