CVE-2021-45978: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2021-45978 is a security vulnerability affecting Foxit PDF Reader and PDF Editor before version 11.1 on macOS. The vulnerability was discovered and disclosed in January 2022, allowing remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The issue specifically affects the XFA API implementation in the software, where the xfa.host.gotoURL function could be exploited (NVD).

If successfully exploited, this vulnerability could allow remote attackers to execute arbitrary code on the affected system. The vulnerability affects the confidentiality, integrity, and availability of the system with high severity ratings for each aspect (NVD).

The vulnerability has been fixed in Foxit PDF Reader and PDF Editor version 11.1 and later. Users are advised to update their software to the latest version to mitigate this security risk (Foxit Security Bulletins).