Описание
Arbitrary File Read in html-pdf
All versions of html-pdf are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as request.open("GET","file:///etc/passwd") will result in a PDF document with the contents of /etc/passwd.
Recommendation
No fix is currently available. There is a mitigation available in the provided reference.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-15138
- https://github.com/marcbachmann/node-html-pdf/issues/530
- https://github.com/marcbachmann/node-html-pdf/issues/530#issuecomment-535045123
- https://github.com/marcbachmann/node-html-pdf/commit/c12d6977778014139183c9f8da7579fd7ac65362
- https://github.com/marcbachmann/node-html-pdf
- https://github.com/marcbachmann/node-html-pdf/releases/tag/v3.0.1
- https://security.netapp.com/advisory/ntap-20191017-0005
- https://www.npmjs.com/advisories/1095
Пакеты
Наименование
html-pdf
npm
Затронутые версииВерсия исправления
< 3.0.1
3.0.1
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.