SnykCVELIST:CVE-2021-23353CVE-2021-23353 Regular Expression Denial of Service (ReDoS)
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
0.005 Low
EPSS
Percentile
76.5%
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
CNA Affected
[
{
"product": "jspdf",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e
github.com/MrRio/jsPDF/pull/3091
snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286
snyk.io/vuln/SNYK-JS-JSPDF-1073626
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
0.005 Low
EPSS
Percentile
76.5%