Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
Vulnerability Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0.
CVSS Information
N/A
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
jsPDF 注入漏洞
Vulnerability Description
jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 4.1.0之前版本存在注入漏洞,该漏洞源于addMetadata函数的第一个参数允许用户注入任意XML,可能破坏PDF完整性。
CVSS Information
N/A
Vulnerability Type
N/A