jspdf vulnerable to Regular Expression Denial of Service (ReDoS)

Description

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.

Recommendation

Update the jspdf package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.3.1
• Patched version(s): 2.3.1

References

• GHSA-57f3-gghm-9mhc
• snyk.io
• CVE-2021-23353
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) - CVE-2021-23346
• html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) - html-parse-stringify - CVE-2021-23346
• Regular Expression Denial of Service (ReDoS) - ssri - CVE-2021-27290
• Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing - CVE-2024-1899

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

jspdf