CVE-2025-11362
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-07
Last updated on: 2025-10-20
Assigner: Snyk
Description
Description
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
| pdfmake | pdfmake | 0.3.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
