CNNVD-202601-817 Information
Jan 05, 2026
cve
CNNVD ID
CNNVD-202601-817
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 4.0.0之前版本存在安全漏洞,该漏洞源于loadFile等方法允许用户控制路径,可能导致本地文件包含或路径遍历攻击。
Description (English)
jsPDF is a PDF-generated library based on JavaScript. The security loophole in the previous jsPDF 4.0.0 version stems from methods such as loadFile that allow users to control the path, which may lead to local files containing or routing attacks.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Parallax
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d https://github.com/parallax/jsPDF/releases/tag/v4.0.0 https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2 https://access.redhat.com/security/cve/cve-2025-68428
Patch
https://github.com/parallax/jsPDF/releases
Share on: