exploitDog

GHSA-hcq6-h8v2-r5wm

Published: May 10, 2021
Source: github
Github: Reviewed
CVSS3: 8.2

Description

Server-Side Request Forgery in node-pdf-generator

This affects all versions of package node-pdf-generator up to and including 0.0.6. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a URL that will be passed to an external server allowing an SSRF attack.

Packages

Name: node-pdf-generator (npm)
Affected versions: <= 0.0.6
Fixed version: None

EPSS

Percentile: 90%
0.0548
Low

8.2 High

CVSS3

Weaknesses

CWE-20
CWE-918

Related vulnerabilities

CVSS3: 8.2
nvd
more than 5 years ago

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a URL that will be passed to an external server allowing an SSRF attack.

EPSS

Percentile: 90%
0.0548
Low

8.2 High

CVSS3

Weaknesses

CWE-20
CWE-918