Open skt1598 opened 1 year ago
Describe the bug Introduced through: vue-html2pdf@1.8.0 › html2pdf.js@0.9.3 › jspdf@1.4.1 › canvg@1.5.3 › xmldom@0.1.31
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. Does not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents.
Package Version 1.8.0
Additional context Ref: https://security.snyk.io/vuln/SNYK-JS-XMLDOM-1084960
Describe the bug Introduced through: vue-html2pdf@1.8.0 › html2pdf.js@0.9.3 › jspdf@1.4.1 › canvg@1.5.3 › xmldom@0.1.31
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. Does not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents.
Package Version 1.8.0
Additional context Ref: https://security.snyk.io/vuln/SNYK-JS-XMLDOM-1084960