org.webjars.npm:jspdf 4.0.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:jspdf package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Encoding or Escaping of Output Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the `appearanceState` property of the `AcroForm` module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by injecting malicious input into this property, which is then triggered when a victim interacts with a crafted PDF file. How to fix Improper Encoding or Escaping of Output? Upgrade `org.webjars.npm:jspdf` to version 4.2.0 or higher.	[,4.2.0)
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `addImage` and `html` methods. An attacker can cause excessive memory allocation and application unavailability by supplying malicious GIF files with large width or height values as image data or URLs. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.webjars.npm:jspdf` to version 4.2.0 or higher.	[,4.2.0)
H Improper Encoding or Escaping of Output Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the `addJS` method. An attacker can inject arbitrary PDF objects and execute malicious actions or alter the document structure by supplying specially crafted input that escapes the JavaScript string delimiter. This can impact any user who opens the generated PDF. How to fix Improper Encoding or Escaping of Output? Upgrade `org.webjars.npm:jspdf` to version 4.2.0 or higher.	[,4.2.0)
H Improper Encoding or Escaping of Output Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the `AcroformChoiceField.addOption`, `AcroformChoiceField.setOptions`, `AcroFormCheckBox.appearanceState`, or `AcroFormRadioButton.appearanceState` functions. An attacker can execute arbitrary JavaScript code in the PDF reader's context by injecting malicious PDF objects, such as JavaScript actions, which are triggered when the user opens the PDF document. How to fix Improper Encoding or Escaping of Output? Upgrade `org.webjars.npm:jspdf` to version 4.2.0 or higher.	[,4.2.0)
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `addImage` and `html` methods when processing BMP image data with unvalidated dimensions. An attacker can cause excessive memory allocation and application unavailability by supplying a BMP file with large width or height values. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.webjars.npm:jspdf` to version 4.2.0 or higher.	[,4.2.0)
L Race Condition Affected versions of this package are vulnerable to Race Condition in the `addJS` function due to the use of a shared module-scoped variable for storing JavaScript content. An attacker can cause sensitive data intended for one user to be included in another user's PDF by making concurrent requests that exploit the shared state. Note: This is only exploitable when used in a concurrent environment, e.g., on a Node.js web server. How to fix Race Condition? Upgrade `org.webjars.npm:jspdf` to version 4.2.0 or higher.	[,4.2.0)
M XML Injection Affected versions of this package are vulnerable to XML Injection via the `addMetadata` function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document authorship or other metadata fields. How to fix XML Injection? Upgrade `org.webjars.npm:jspdf` to version 4.2.0 or higher.	[,4.2.0)

Vulnerability

Vulnerable Version

Improper Encoding or Escaping of Output

Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by injecting malicious input into this property, which is then triggered when a victim interacts with a crafted PDF file.

How to fix Improper Encoding or Escaping of Output?