← Back

CVE-2025-11362

nvd nist
Published: Oct 7, 2025Modified: Oct 20, 2025

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: report@snyk.io (Secondary)

Description

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.

Affected (16)

Products: Pdfmake: Pdfmake
Pdfmake
1 product
Pdfmake
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Pdfmake
Pdfmake
Version 0.3.0 beta10
Pdfmake
Version 0.3.0 beta11
Pdfmake
Version 0.3.0 beta12
Pdfmake
Version 0.3.0 beta13
Pdfmake
Version 0.3.0 beta14
Pdfmake
Version 0.3.0 beta15
Pdfmake
Version 0.3.0 beta16
Pdfmake
Version 0.3.0 beta1
Pdfmake
Version 0.3.0 beta2
Pdfmake
Version 0.3.0 beta3
Pdfmake
Version 0.3.0 beta4
Pdfmake
Version 0.3.0 beta5
Pdfmake
Version 0.3.0 beta6
Pdfmake
Version 0.3.0 beta7
Pdfmake
Version 0.3.0 beta8
Pdfmake
Version 0.3.0 beta9

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

Source: report@snyk.io
Patch
Source: report@snyk.io
Third Party Advisory

Timeline

No history available yet.