[JOC-2017] Update canvg version 3.0.11 to 4.0.3 due to 3rd Party Vulnerability issue CVE-2025-25977 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.7.3
Fix Version/s: 2.7.4
Component/s: None
Labels:
None

CVE-ID:
CVE-2025-25977

Description

Current Situation

JOC Cockpit makes indirect use of canvg 3.0.11 through usage of jspdf for reports.
A vulnerability affects this version, see https://nvd.nist.gov/vuln/detail/CVE-2025-25977.

Desired Behavior

Due to the vulnerability Issue JOC Cockpit should use the current version 4.0.3 that fixes the issue.

Attachments

Activity

People

Assignee:: Rahul Patidar

Reporter:: Santiago Aucejo Petzoldt

Approver:: Santiago Aucejo Petzoldt

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 27 March 2025 11:01

Updated:: 09 April 2025 10:53

Resolved:: 28 March 2025 15:32