parallax/jsPDF

DOMPurify allows tampering by prototype pollution Vulnerability (CVE-2024-45801)

MarcioMeier opened this issue · 3 comments

I have read and understood the contribution guidelines.

A high-severity vulnerability was found in the DOMPurify library which allows an XSS attack (CVE-2024-45801).

jsPDF uses version 2.2.0; this should be solved by bumping to version 2.5.4.

Thanks. Could you provide a PR?

Sure, I'll submit it today.

I can confirm that the vulnerability was fixed in version 2.5.2.

Thanks @HackbrettXXX for making it quick and smooth ❤️