Inefficient Regular Expression Complexity in parallax/jspdf
Reported on
Jan 16th 2022
Description
The jspdf package is vulnerable to ReDoS (regular expression denial of service). An attacker who can supply a crafted zoom string to the setZoomMode functionality (reached through the public setDisplayMode API, as in the PoC below) can make an application consume an excessive amount of CPU: the time is spent in a backtracking regular expression that validates percentage-style zoom values.
Proof of Concept
// PoC.js
// Run with: node PoC.js  (on a vulnerable version the process spins in the regex check for a long time)
const jsPDF = require("jspdf").jsPDF;
const doc = new jsPDF({ orientation: "landscape", floatPrecision: 2 });
// A long run of digits with no trailing "%" never matches /^\d*\.?\d*%$/, so the
// engine backtracks through every split of the digit run before giving up (quadratic time).
doc.setDisplayMode("300".repeat(50000));
Impact
A single crafted zoom string ties up the CPU of the process for as long as the regular expression backtracks, making the application unresponsive or crashing it; any service that passes untrusted zoom values to jspdf can be denied service this way.
Thanks for the report.
The vulnerability boils down to the regular expression /^\d*\.?\d*%$/, which is slow because of the ambiguity caused by \.?. The regular expression can be replaced with something like this:
/^(?:\d+\.\d*|\d*\.\d+|\d+)%$/
This regexp performs much better, as can be seen here: https://jsbench.me/0gkylc9kzt/1
How do we continue from here?
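The ambiguity the maintainer describes, measured on the same shape of input as the PoC, as an added example that is not part of the report or of jsPDF's code: it runs the original expression and the proposed replacement side by side on a constructed crafted input and on a set of constructed zoom strings. The timing helper, the sample strings and the repeat count (reduced from the PoC's 50000 so the run finishes in a fraction of a second) are this example's own.

```javascript
// Added example (not code from jsPDF or from this report): the zoom-string
// check from setZoomMode and the maintainer's proposed replacement, side by
// side, so the ambiguity and the fix can be measured on real input.
const VULNERABLE_RE = /^\d*\.?\d*%$/;            // \d* \.? \d* : a digit run can be split many ways
const FIXED_RE = /^(?:\d+\.\d*|\d*\.\d+|\d+)%$/;  // each alternative pins down where the "." may sit

// Same shape as the PoC input: a long run of digits and no trailing "%", so the
// match must fail and the vulnerable engine backtracks through every split.
// The repeat count is far below the PoC's 50000 so this finishes quickly.
function craftedZoom(repeats = 2000) {
  return "300".repeat(repeats);
}

// Time one regex test and return the match result with the elapsed milliseconds.
function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const elapsedMs = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, elapsedMs };
}

// Run the crafted input through both expressions. Both reject it; the vulnerable
// one takes time quadratic in the input length, the fixed one linear.
function compareOnCraftedInput(repeats = 2000) {
  const input = craftedZoom(repeats);
  return {
    length: input.length,
    vulnerable: timeMatch(VULNERABLE_RE, input),
    fixed: timeMatch(FIXED_RE, input),
  };
}

// Constructed zoom strings covering the percentage grammar and its edge cases.
const SAMPLE_ZOOMS = ["100%", "12.5%", ".5%", "5.%", "%", ".%", "abc%", "100", "1.2.3%"];

// Acceptance of every sample by the old and the new expression.
function compareAcceptance(inputs = SAMPLE_ZOOMS) {
  return inputs.map((zoom) => ({
    zoom,
    vulnerable: VULNERABLE_RE.test(zoom),
    fixed: FIXED_RE.test(zoom),
  }));
}

// The samples on which the two expressions disagree: the replacement no longer
// accepts a bare "%" or ".%", which the original matched because every part of
// it was optional. Every string with at least one digit is treated the same.
function acceptanceDifferences(inputs = SAMPLE_ZOOMS) {
  return compareAcceptance(inputs)
    .filter((r) => r.vulnerable !== r.fixed)
    .map((r) => r.zoom);
}

const timing = compareOnCraftedInput();
console.log(
  `rejecting ${timing.length} chars: vulnerable ${timing.vulnerable.elapsedMs.toFixed(1)} ms, ` +
    `fixed ${timing.fixed.elapsedMs.toFixed(3)} ms`
);
console.log("accepted differently by old and new expression:", acceptanceDifferences());
```

Running it prints a quadratic and a linear timing for the same rejected input, and lists the two strings the expressions treat differently: the replacement rejects a bare "%" and ".%", which the original accepted. Whether that stricter grammar matters depends on what callers actually pass, and that is the one thing worth checking before adopting the fix.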
Hi @maintainer, I just verified that the repaired regular expression is safe. You can mark this issue as valid. Thanks a lot!
Done. @Yeting Li would you also like to prepare a pull request for the fix?
Hi @maintainer, I'm very glad to prepare a PR for the fix.
I submitted a PR (please see the link https://github.com/parallax/jsPDF/pull/3366)
But there is a test case that fails on Node 10 and Node 14.
Thank you for your help. I submitted a new PR (please see https://github.com/parallax/jsPDF/pull/3368)
Thanks. I've merged it now and will release the fix soon. Is there anything left to do? E.g. mark it as resolved?
I couldn't select you as the person who fixed it. How can I do that?