CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29907 – jsPDF Bypass Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2025-29907
18 Mar 2025 — jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1. • https://github.com/parallax/jsPDF/commit/b167c43c27c466eb914b927885b06073708338df • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2021-23353 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2021-23353
09 Mar 2021 — This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function. Esto afecta al paquete jspdf versiones anteriores a 2.3.1. ReDoS es posible por medio de la función addImage • https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-7690
https://notcve.org/view.php?id=CVE-2020-7690
06 Jul 2020 — All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method. Todas las versiones afectadas anteriores a la 2.0.0 del paquete jspdf son vulnerables a Cross-site Scripting (XSS). Es posible inyectar código JavaScript mediante el método html. • https://github.com/MrRio/jsPDF/issues/2795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •