CVE-2021-23353
HIGH 7.5, EPSS 0.67%
jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
Published: 3/12/2021
Modified: 1/14/2025
Description
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
Affected packages (1)
- npm/jspdf: from 0, < 2.3.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-23353
- WEB: https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e
- WEB: https://github.com/MrRio/jsPDF/pull/3091
- WEB: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289
- WEB: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287
- WEB: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288
- WEB: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286
- WEB: https://snyk.io/vuln/SNYK-JS-JSPDF-1073626