
GHSA-7x6v-j9x4-qf24

Published: 17 Mar 2026
Source: github
GitHub: Reviewed
CVSS3: 8.1

Description

jsPDF has a PDF Object Injection via FreeText color

Impact

User control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions.

If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with.

  • createAnnotation: color parameter

Example attack vector:

    import { jsPDF } from 'jspdf'

    const doc = new jsPDF();
    const payload = '000000) /AA <</E <</S /Launch /F (calc.exe)>>>> (';

    doc.createAnnotation({
      type: 'freetext',
      bounds: { x: 10, y: 10, w: 120, h: 20 },
      contents: 'hello',
      color: payload
    });

    doc.save('test.pdf');

Patches

The vulnerability has been fixed in jsPDF@4.2.1.

Workarounds

Sanitize user input before passing it to the vulnerable API members.
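
One way to apply this workaround, as an added example (not jsPDF's own code and not the 4.2.1 fix): an allowlist check that lets only a six-digit hex color reach createAnnotation. The helper names `assertHexColor`, `addFreeTextAnnotation` and `makeRecordingDoc` are hypothetical, and the example assumes the application only needs six-digit hex colors.

```javascript
// Added example: allowlist validation for the `color` argument of
// createAnnotation. Helper names are hypothetical, not part of jsPDF.

// Assumption: the application only needs six-digit hex colors, with or
// without a leading '#'. Anything else is rejected rather than escaped.
const HEX_COLOR = /^#?[0-9a-fA-F]{6}$/;

function assertHexColor(input) {
  if (typeof input !== 'string' || !HEX_COLOR.test(input)) {
    throw new TypeError('color must be a six-digit hex value');
  }
  return input;
}

// Validates the untrusted color, then forwards to doc.createAnnotation.
// `doc` is any object exposing createAnnotation (a jsPDF instance in practice).
function addFreeTextAnnotation(doc, { bounds, contents, color }) {
  const safeColor = assertHexColor(color);
  doc.createAnnotation({ type: 'freetext', bounds, contents, color: safeColor });
  return safeColor;
}

// Constructed stand-in for a jsPDF document so the example runs offline.
function makeRecordingDoc() {
  const calls = [];
  return { calls, createAnnotation: (opts) => calls.push(opts) };
}

function demo() {
  const doc = makeRecordingDoc();
  const bounds = { x: 10, y: 10, w: 120, h: 20 };
  // Constructed inputs; the second is the payload string from the advisory.
  const inputs = ['#1A2B3C', '000000) /AA <</E <</S /Launch /F (calc.exe)>>>> ('];
  const results = inputs.map((color) => {
    try {
      return addFreeTextAnnotation(doc, { bounds, contents: 'hello', color });
    } catch (err) {
      return 'rejected';
    }
  });
  return { results, forwarded: doc.calls.length };
}

console.log(demo());
```

Rejecting on mismatch, rather than trying to escape PDF delimiters, keeps the check independent of how the library serializes the value.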

Packages

Name: jspdf (npm)
Affected versions: <= 4.2.0
Fixed version: 4.2.1

EPSS

Percentile: 11%
0.00037
Low

8.1 High

CVSS3

Weaknesses

CWE-116

Related vulnerabilities

CVSS3: 8.1
redhat
9 days ago

A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the `createAnnotation` method's `color` parameter. When a user opens or interacts with the specially crafted PDF, these injected actions may execute, potentially leading to arbitrary code execution or sensitive information disclosure.

CVSS3: 8.1
nvd
9 days ago

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members.

CVSS3: 8.1
debian
9 days ago

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...
