From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Tue, 7 May 2024 16:45:19 +0000 (-0700)
Subject: Security: Disable eval in pdfjs (#6615)
X-Git-Tag: v2.8.2~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=076b5b1af5dbd60a8cec3cae6c90dad6219354b7;p=thirdparty%2Fpaperless-ngx.git

Security: Disable eval in pdfjs (#6615)

Closes https://github.com/paperless-ngx/paperless-ngx/security/dependabot/181 see https://github.com/advisories/GHSA-wgrm-67xf-hhpq
---

diff --git a/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts b/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
index 274b060323..4fc55429af 100644
--- a/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
+++ b/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
@@ -35,6 +35,7 @@ import type {
 import { PDFSinglePageViewer } from 'pdfjs-dist/web/pdf_viewer'
 
 PDFJS['verbosity'] = PDFJS.VerbosityLevel.ERRORS
+PDFJS['isEvalSupported'] = false
 
 export enum RenderTextMode {
   DISABLED,