Incorrect Regular Expression in jspdf - #VU60183

 

Incorrect Regular Expression in jspdf - #VU60183

Published: January 31, 2022


Vulnerability identifier: #VU60183
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-185
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jelle_S
Affected software:
jspdf

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inefficient regular expression in setDisplayMode. A remote attacker can pass specially crafted data to the application and cause high CPU load, resulting in regular expression denial of service (ReDoS) attack.


Remediation

Install updates from vendor's website.

Sources