jsPDF
jsPDF copied to clipboard
parallax
CVE-2020-7691 Security Vulnerability Issue
With the latest version of jspdf:2.5.1 integrated into the project getting security vulnerability issue
CVE-2020-7691 EPSS: 0.17%CVSS: 6.1 In all versions of the package jspdf, it is possible to use <
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7691
- https://nvd.nist.gov/vuln/detail/CVE-2020-7691
Will there be a fix for this provided?
Hey @parithibang, copying my response from https://github.com/eKoopmans/html2pdf.js/issues/677:
Thanks for the heads up!
The good news is that the
fromHTMLmethod reported in CVE-2020-7691 no longer exists in jsPDF:
- It was deprecated in 2018 and removed sometime after that
- It's not defined on a jsPDF object
- The replacement
htmlmethod is actually just a clone ofhtmlpdf.js(fun with recursion 🙃)
I think this should be safe to close, but I'll leave that to the judgment of @parallax.
This issue is stale because it has been open 90 days with no activity. It will be closed soon. Please comment/reopen if this issue is still relevant.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}