GHSA-rj3r-r7hh-jxfq

Published: 07 Oct 2025
Source: github
Github: Reviewed
CVSS4: 8.7
CVSS3: 7.5

Description

pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding

Versions of the package pdfmake from 0.3.0-beta.1 to before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.

Packages

Name: pdfmake (npm)
Affected versions: >= 0.3.0-beta.1, < 0.3.0-beta.17
Fixed version: 0.3.0-beta.17

EPSS

EPSS: 0.0006 (Low)
Percentile: 19%

CVSS4: 8.7 High
CVSS3: 7.5 High

Weaknesses

CWE-770

Related vulnerabilities

CVSS3: 7.5
Source: nvd
4 months ago

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
