User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. Other affected methods are: html. Example payload: import { jsPDF } from "jpsdf" const payload = new Uint8Array([117, 171, …
User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are: html, addSvgAsImage. Example payload: import { jsPDF } from "jpsdf"
This affects the package jspdf ReDoS is possible via the addImage function.
In jspdf, it is possible to inject JavaScript code via the html method.
In jspdf, it is possible to use <script> in order to bypass improper filtering protections based off of regular expressions.