CVE-2024-9283

Summary

CVE-2024-9283 is a vulnerability identified in RelaxedJS ReLaXed versions up to 0.2.2, specifically affecting the Pug to PDF Converter component, which is susceptible to cross-site scripting attacks. The vulnerability requires local access for exploitation and has been publicly disclosed, posing a risk of partial integrity impact without affecting confidentiality. To mitigate this issue, users should upgrade to a patched version of the software or implement additional input validation measures. The exploitability score is rated at 1.8, with a base severity classified as low, indicating that while the threat exists, it may not be critical for most organizations. Organizations using affected products should remain vigilant regarding local access controls and risk assessment practices related to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.