CVE-2026-25630
survey-pdf Upgraded jsPDF Version Due to Security Vulnerability
Description
The following security vulnerability was identified in jsPDF versions <=3.0.4: [Local File Inclusion/Path Traversal](https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2).

### Impact

Since SurveyJS PDF Generator depends on jsPDF, any project using `survey-pdf` v1.12.58 and lower or v2.5.4 and lower could be exposed to this vulnerability.

### Solution

SurveyJS PDF Generator has upgraded jsPDF to version >= 4.0.0 and included the fix in the following `survey-pdf` releases:

* [v1.12.59](https://www.npmjs.com/package/survey-pdf/v/1.12.59)
* [v2.5.5](https://www.npmjs.com/package/survey-pdf/v/2.5.5)

### Action

Users should upgrade `survey-pdf` in their projects to v1.12.59+ or v2.5.5+ immediately.

### Notes

No other `survey-pdf` dependencies are affected. This update is fully backward-compatible with previous `survey-pdf` releases.
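How to fix CVE-2026-25630
To fix CVE-2026-25630, upgrade the affected package to the patched version listed below.
- — Upgrade to 1.12.59 or later
Is CVE-2026-25630 being exploited?
There are currently no exploitation signals. CVE-2026-25630 is not in CISA KEV and has no recent EPSS score.
Affected packages (1)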
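To confirm that an upgrade actually removed every affected copy, the following added example (not code from SurveyJS or jsPDF) audits an npm lockfile against the version ranges stated in the advisory text above. It assumes the lockfile v2/v3 `packages` layout; the sample lockfile and the package names `demo-app`, `report-widget` and `legacy-forms` are constructed for illustration.

```javascript
// Added example: audits an npm lockfile (v2/v3 "packages" map) against the
// version ranges stated in this advisory. Sample data below is constructed.

// Parse "x.y.z" into numbers; a prerelease suffix is ignored (simplification).
const parse = (v) => v.split("-")[0].split(".").map(Number);

// Three-part numeric comparison: negative, zero or positive like a sort comparator.
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Ranges from the advisory: survey-pdf <= 1.12.58 or 2.x <= 2.5.4; jsPDF <= 3.0.4.
function isAffected(name, version) {
  if (name === "survey-pdf") {
    return parse(version)[0] >= 2 ? cmp(version, "2.5.5") < 0
                                  : cmp(version, "1.12.59") < 0;
  }
  if (name === "jspdf") return cmp(version, "3.0.4") <= 0;
  return false;
}

// Walk every installed copy, including nested ones that a top-level upgrade
// of survey-pdf would not replace.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !meta.version) continue;
    const name = path.slice(idx + "node_modules/".length);
    if (isAffected(name, meta.version)) findings.push({ path, name, version: meta.version });
  }
  return findings;
}

// Constructed lockfile: top-level survey-pdf is patched, but hypothetical
// dependencies still pin a nested old jsPDF and an old survey-pdf.
const sampleLock = { packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/survey-pdf": { version: "2.5.5" },
  "node_modules/jspdf": { version: "4.0.0" },
  "node_modules/report-widget/node_modules/jspdf": { version: "3.0.4" },
  "node_modules/legacy-forms/node_modules/survey-pdf": { version: "1.12.58" },
} };
console.log(auditLockfile(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `auditLockfile` and treat any finding as a copy that still needs upgrading.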
- from 0, < 1.12.59
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |