Main Vulnerability Database Vulnerabilities #VU60182

#VU60182 Improper validation of integrity check value in jspdf

Published: January 31, 2022

Vulnerability identifier: #VU60182

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-354

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
jspdf

Software vendor:
Jelle_S

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to missing integrity check when loading the pdfobject lib from CDN in calls to output('pdfobjectnewwindow'). A remote attacker who is able to compromise CDN or perform MitM attack can inject arbitrary JS code and execute it victim's browser.

Remediation

Install updates from vendor's website.

External links

https://github.com/MrRio/jsPDF/releases/tag/v2.5.1

#VU60182 Improper validation of integrity check value in jspdf

Description

Remediation

External links

Please verify you're human