Описание
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0.
A flaw was found in jsPDF. When jsPDF is used in a concurrent environment, such as a Node.js web server, a race condition in the addJS method can lead to cross-user data leakage. This occurs because a shared variable used to store JavaScript content can be overwritten by simultaneous requests. As a result, a PDF generated for one user may contain sensitive JavaScript content intended for another user, leading to unauthorized information disclosure.
Отчет
This MODERATE impact vulnerability in jsPDF affects applications utilizing the addJS method in a concurrent server-side Node.js environment. A shared module-scoped variable can lead to cross-user data leakage when multiple PDF generation requests occur simultaneously, potentially embedding sensitive data from one user into another's PDF. This primarily impacts server-side deployments where jsPDF is used to generate documents concurrently.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-central-db-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-rhel8-operator | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-roxctl-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-db-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security for Kubernetes 4.8 | advanced-cluster-security/rhacs-main-rhel8 | Fixed | RHSA-2026:4466 | 12.03.2026 |
| Red Hat Advanced Cluster Security for Kubernetes 4.9 | advanced-cluster-security/rhacs-main-rhel8 | Fixed | RHSA-2026:4467 | 12.03.2026 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0.
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the ...
7.5 High
CVSS3