Added template for CVE-2024-4367 #11392
Conversation
|
Hi s1d6point7bugcrowd some feedback on your PR. The vulnerability exists in the parser in vulnerable pdf-js and GET /path/to/malicious_pdf.pdf HTTP/1.1 is rather odd as it's not a path likely to exist so as is this would only detect a PoC file for the vulnerability (if the path was right). Having built functional detections for this issue I can say a good approach would be to parse a HTTP response to detect the path to the JS that is vulnerable and check that it exists. Even then for it to be exploitable a user must be able to have that JS load the PDF. This can be through file upload if there is a native PDF read functionality of the application but there is also a viewer.html bundled with the pdf.js (the viewer could also be signatured on) that is sometimes available and takes a file as an argument. The viewer can also load remote files based on the configuration. Good luck |
Added template for CVE-2024-4367