CNNVD-202602-044 Information
Feb 02, 2026
cve
CNNVD ID
CNNVD-202602-044
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 4.1.0之前版本存在安全漏洞,该漏洞源于Acroform模块的属性和方法允许用户注入任意PDF对象,如JavaScript操作。
Description (English)
jsPDF is a PDF-generated library based on JavaScript. There is a security loophole in the pre-JsPDF 4.1.0 version, which stems from the Acroform module properties and methods that allow users to inject any PDF object, such as JavaScript.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Parallax
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79 https://github.com/parallax/jsPDF/releases/tag/v4.1.0 https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328
Patch
https://parall.ax/products/jspdf
Share on: