Versions of `puppeteer` prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

## Recommendation

Upgrade to version 1.13.0 or later.

Affected Packages

npm puppeteer

Affected versions: 0 (fixed in 1.13.0)

Related CVEs

CVE-2019-5786

Key Information

GHSA ID

GHSA-c2gp-86p4-5935

Published

September 2, 2020 6:25 PM

Last Modified

September 27, 2021 4:20 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

puppeteer

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 13, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.