Severity: Critical
CVSS Score: 9.2
The following security vulnerability was identified in jsPDF versions <=3.0.4: [Local File Inclusion/Path Traversal](https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2). ### Impact Since SurveyJS PDF Generator depends on jsPDF, any project using `survey-pdf` v1.12.58 and lower or v2.5.4 and lower could be exposed to this vulnerability. ### Solution SurveyJS PDF Generator has upgraded jsPDF to version >= 4.0.0 and included the fix in the following `survey-pdf` releases: * [v1.12.59](https://www.npmjs.com/package/survey-pdf/v/1.12.59) * [v2.5.5](https://www.npmjs.com/package/survey-pdf/v/2.5.5) ### Action Users should upgrade `survey-pdf` in their projects to v1.12.59+ or v2.5.5+ immediately. ### Notes No other `survey-pdf` dependencies are affected. This update is fully backward-compatible with previous `survey-pdf` releases.