Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-25755

Опубликовано: 19 фев. 2026
Источник: redhat
CVSS3: 9.6
EPSS Низкий

Описание

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the addJS method.

A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structure, resulting in arbitrary code execution when a user opens a PDF with a viewer that supports embedded scripts.

Отчет

To exploit this flaw, an attacker must be able to supply a specially crafted payload to the application using the addJS method and convince a user to open the generated PDF document with a viewer that supports embedded scripts. Due to these reasons, this vulnerability has been rated with an important severity.

Меры по смягчению последствий

To mitigate this vulnerability, sanitize the user-provided JavaScript code before passing it to the addJS method by strictly escaping backslashes and parentheses. Additionally, do not open PDF documents from untrusted sources.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Advanced Cluster Security 4advanced-cluster-security/rhacs-main-rhel8Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-94
https://bugzilla.redhat.com/show_bug.cgi?id=2440993jsPDF: PDF object injection via unsanitized input in addJS method

EPSS

Процентиль: 4%
0.00016
Низкий

9.6 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-25755

CVSS3: 8.1
nvd
около 1 месяца назад

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method.

debian логотип

CVE-2026-25755

CVSS3: 8.1
debian
около 1 месяца назад

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...

github логотип

GHSA-9vjf-qc39-jprp

CVSS3: 8.1
github
около 1 месяца назад

jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method

fstec логотип

BDU:2026-02102

CVSS3: 8.8
fstec
около 1 месяца назад

Уязвимость функции addJS() библиотеки для создания PDF-файлов jsPDF, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 4%
0.00016
Низкий

9.6 Critical

CVSS3