Description
jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-23353
- https://github.com/MrRio/jsPDF/pull/3091
- https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286
- https://snyk.io/vuln/SNYK-JS-JSPDF-1073626
Packages
Name: jspdf (npm)
Affected versions: < 2.3.1
Fixed version: 2.3.1
Related vulnerabilities
CVSS3: 5.9
nvd
almost 5 years ago
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
CVSS3: 5.9
debian
almost 5 years ago
This affects the package jspdf before 2.3.1. ReDoS is possible via the ...