Cross-User Data Leakage

jsPDF is vulnerable to Cross-User Data Leakage. The vulnerability is due to use of a shared module-scoped variable in the addJS method, where JavaScript content is stored globally in the Node.js build, allowing concurrent PDF generation requests to overwrite each other’s data and cause one user’s...

jsPDF has Local File Inclusion/Path Traversal vulnerability

Impact User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node proce...