kempsteven/vue-html2pdf

xmldom XML External Entity (XXE) Injection

skt1598 opened this issue · 0 comments

Describe the bug
Introduced through: vue-html2pdf@1.8.0 › html2pdf.js@0.9.3 › jspdf@1.4.1 › canvg@1.5.3 › xmldom@0.1.31

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The package does not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents.

Package Version
1.8.0

Additional context
Ref: https://security.snyk.io/vuln/SNYK-JS-XMLDOM-1084960
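
An added example, not part of the original issue or of the vue-html2pdf project: a small walker that lists every dependency path leading to a given package version, in the tree shape produced by `npm ls --all --json`. The sample tree is constructed; only the chain to xmldom@0.1.31 comes from the issue, while `example-app`, `example-other-dep` and the `9.9.9` version are made-up placeholders.

```javascript
// Added example: list every dependency path that ends at name@version.
// Input is an object in the shape of `npm ls --all --json` output.

// Constructed sample. The vue-html2pdf chain is the one quoted in the issue;
// "example-app", "example-other-dep" and version "9.9.9" are placeholders.
const sampleTree = {
  name: "example-app",
  version: "0.0.0",
  dependencies: {
    "vue-html2pdf": {
      version: "1.8.0",
      dependencies: {
        "html2pdf.js": {
          version: "0.9.3",
          dependencies: {
            jspdf: {
              version: "1.4.1",
              dependencies: {
                canvg: {
                  version: "1.5.3",
                  dependencies: { xmldom: { version: "0.1.31" } },
                },
              },
            },
          },
        },
      },
    },
    "example-other-dep": {
      version: "1.0.0",
      dependencies: { xmldom: { version: "9.9.9" } },
    },
  },
};

// Depth-first walk; returns one "a@1 › b@2 › ..." string per matching node.
function findPaths(node, name, version, trail = []) {
  const found = [];
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${depName}@${dep.version}`];
    if (depName === name && dep.version === version) found.push(here.join(" › "));
    found.push(...findPaths(dep, name, version, here));
  }
  return found;
}

console.log(findPaths(sampleTree, "xmldom", "0.1.31"));
```

Every path returned names a direct dependency whose upgrade or override has to be checked before the flagged copy leaves the tree.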