GHSA-57f3-gghm-9mhc

Suggest an improvement
Source
https://github.com/advisories/GHSA-57f3-gghm-9mhc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-57f3-gghm-9mhc/GHSA-57f3-gghm-9mhc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-57f3-gghm-9mhc
Aliases
  • CVE-2021-23353
  • SNYK-JAVA-ORGWEBJARS-1083289
  • SNYK-JAVA-ORGWEBJARSBOWER-1083287
  • SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288
  • SNYK-JAVA-ORGWEBJARSNPM-1083286
  • SNYK-JS-JSPDF-1073626
Published
2021-03-12T21:28:46Z
Modified
2023-11-08T04:05:04.818029Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
Details

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.

References

Affected packages

npm / jspdf

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.1