pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding
- Severity: High
Description
Versions of the package pdfmake from 0.3.0-beta.1 to before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
Recommendation
Update the pdfmake package to the latest compatible version. Version details:
- Affected version(s): >= 0.3.0-beta.1, < 0.3.0-beta.17
- Patched version(s): 0.3.0-beta.17
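The condition described above arises when redirects are followed without a bound. The following is an added example of a bounded redirect policy, not pdfmake's code or its actual fix; `MAX_REDIRECTS`, `nextHop`, `resolveChain` and the `files.example` responders are assumptions constructed for illustration.

```javascript
// Bounded redirect policy for fetching a URL that will be embedded.
// MAX_REDIRECTS and every name below are assumptions, not pdfmake's API.
const MAX_REDIRECTS = 5;
const REDIRECT_CODES = new Set([301, 302, 303, 307, 308]);

class RedirectLimitError extends Error {}

// Return the next URL to request, or null when the response is final.
// `state` carries the hop count and the set of URLs already visited.
function nextHop(state, currentUrl, status, location) {
  if (!REDIRECT_CODES.has(status)) return null;
  if (!location) throw new RedirectLimitError(`redirect without Location at ${currentUrl}`);
  const target = new URL(location, currentUrl); // resolves relative Location values
  if (target.protocol !== 'https:' && target.protocol !== 'http:') {
    throw new RedirectLimitError(`refusing redirect to ${target.protocol}`);
  }
  target.hash = ''; // fragments never reach the server, so ignore them
  if (state.seen.has(target.href)) {
    throw new RedirectLimitError(`redirect loop at ${target.href}`);
  }
  if (++state.hops > MAX_REDIRECTS) {
    throw new RedirectLimitError(`more than ${MAX_REDIRECTS} redirects`);
  }
  state.seen.add(target.href);
  return target.href;
}

// Walk a chain using respond(url) -> { status, location }. With a real HTTP
// client this is one request per hop, issued with automatic redirects disabled.
function resolveChain(startUrl, respond) {
  const start = new URL(startUrl).href;
  const state = { hops: 0, seen: new Set([start]) };
  let url = start;
  for (;;) {
    const { status, location } = respond(url);
    const next = nextHop(state, url, status, location);
    if (next === null) return { finalUrl: url, hops: state.hops };
    url = next;
  }
}

// Constructed responders standing in for servers (files.example is not a real host).
const normal = (url) => (url.endsWith('/old') ? { status: 301, location: '/new.png' } : { status: 200 });
const loop = (url) => ({ status: 302, location: url.endsWith('/a') ? '/b' : '/a' });
let hopCounter = 0;
const endless = () => ({ status: 302, location: `/hop${++hopCounter}` });
```
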
- Tags: npm, pdfmake
Last updated on October 08, 2025