CVE-2025-11362

CVSS 8.7 HIGHEPSS 0.3%CWE-770

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Produtos afetados

n/a · pdfmake

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/bpampuch/pdfmake/commit/741169634bf07730e010cd77477b6cc038e846ed https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297