Description
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
Remediation
References
https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287
https://snyk.io/vuln/SNYK-JS-JSPDF-1073626
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288
https://github.com/MrRio/jsPDF/pull/3091
Related Vulnerabilities
CVE-2020-9038 Vulnerability in npm package joplin
CVE-2018-1000644 Vulnerability in maven package org.eclipse.rdf4j:rdf4j-rio-trix
CVE-2020-28479 Vulnerability in maven package org.webjars.bower:jointjs
CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2020-4038 Vulnerability in npm package graphql-playground-html