pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding
- Severity: High
Description
Versions of the package pdfmake from 0.3.0-beta.1 to before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
Recommendation
Update the pdfmake package to the latest compatible version. Version details:
- Affected version(s): >= 0.3.0-beta.1, < 0.3.0-beta.17
- Patched version(s): 0.3.0-beta.17
- Tags: npm, pdfmake
Last updated on October 08, 2025