CNNVD-202602-051 Information

CNNVD ID

CNNVD-202602-051

CVE-2026-24043

  • CNNVD Published: 2026-02-02

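Description (translated from Chinese)

jsPDF is an open-source, JavaScript-based PDF document generation library from Parallax. Versions of jsPDF before 4.1.0 contain an injection vulnerability. It arises because the first parameter of the addMetadata function allows a user to inject arbitrary XML, which may compromise the integrity of the PDF.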

Description (English)

jsPDF is a JavaScript library for generating PDF documents. Versions of jsPDF before 4.1.0 contain an injection vulnerability: the first parameter of the addMetadata function allows a user to inject arbitrary XML, which could undermine the integrity of the PDF.

Hazard Level

High

Vulnerability Type

Injection

Affected Vendor

Parallax

Published

2026-02-02

Last Modified

2026-02-24

References

  • https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff
  • https://github.com/parallax/jsPDF/releases/tag/v4.1.0
  • https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422

Patch

https://parall.ax/products/jspdf
