This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
References
Link | Resource |
---|---|
https://github.com/darrenhaken/node-pdf-generator/blob/master/index.js%23L29 | Broken Link Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-NODEPDFGENERATOR-609636 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-10-06T00:00:00
Updated: 2020-10-06T16:40:13
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7740
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-06T18:15:18.127
Modified: 2020-10-19T19:06:40.790
Link: CVE-2020-7740
JSON object: View
Redhat Information
No data.