Описание
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
Пакеты
Наименование
jsreport
npm
Затронутые версииВерсия исправления
<= 2.5.0
2.6.0
Связанные уязвимости
CVSS3: 9.8
nvd
почти 6 лет назад
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.