CNNVD-202602-052 Information

CNNVD ID

CNNVD-202602-052

Related CVE

CVE-2026-24040

• CNNVD Published: 2026-02-02

Description (Chinese)

jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 4.1.0之前版本存在竞争条件问题漏洞，该漏洞源于addJS方法使用共享的模块作用域变量，可能导致跨用户数据泄露。

Description (English)

jsPDF is a PDF-generated library based on JavaScript. The previous version of jsPDF 4.1.0 had a gap in competition conditions, which stemmed from the use of shared modular domain variables in the addJS method and could lead to the leakage of data across user lines.

Hazard Level

High

Vulnerability Type

竞争条件问题

Affected Vendor

Parallax

Published

2026-02-02

Last Modified

2026-02-24

References

https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e https://github.com/parallax/jsPDF/releases/tag/v4.1.0 https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4

Patch

https://parall.ax/products/jspdf