parallax / jsPDF

Client-side JavaScript PDF generation for everyone.
https://parall.ax/products/jspdf
MIT License
29.1k stars 4.65k forks

DOMPurify allows tampering by prototype pollution Vulnerability (CVE-2024-45801) #3767

Closed MarcioMeier closed 1 week ago

MarcioMeier commented 1 week ago

I have read and understood the contribution guidelines.

A high-severity vulnerability was found in the DOMPurify library which allows an XSS attack (CVE-2024-45801).

jsPDF uses version 2.2.0; this should be solved by bumping to version 2.5.4.

HackbrettXXX commented 1 week ago

Thanks. Could you provide a PR?

MarcioMeier commented 1 week ago

Sure, I'll submit it today

MarcioMeier commented 1 week ago

I can confirm that the vulnerability was fixed in version 2.5.2.

Thanks @HackbrettXXX for making it quick and smooth ❤️