High severityNVD Advisory· Published Mar 9, 2021· Updated Sep 17, 2024
Regular Expression Denial of Service (ReDoS)
CVE-2021-23353
Description
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jspdfnpm | < 2.3.1 | 2.3.1 |
Affected products
2- jspdf/jspdfdescription
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-57f3-gghm-9mhcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23353ghsaADVISORY
- github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43eghsax_refsource_MISCWEB
- github.com/MrRio/jsPDF/pull/3091ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-JSPDF-1073626ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.