CVE-2020-7739

Опубликовано: 06 окт. 2020

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.

Ссылки

https://github.com/areverberi/phantomjs-seo/blob/083f66892f97d67031668decb917389ffc32a94c/index.js%23L17
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PHANTOMJSSEO-609638
Exploit
Third Party Advisory
https://github.com/areverberi/phantomjs-seo/blob/083f66892f97d67031668decb917389ffc32a94c/index.js%23L17
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PHANTOMJSSEO-609638
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phantomjs-seo_project:phantomjs-seo:1.0.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 50%

0.00267

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

CVE-2020-7739

CVSS3: 8.2

ubuntu

больше 5 лет назад

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.

GHSA-j9pj-hx76-92v6

CVSS3: 8.2

github

больше 4 лет назад

Server-Side Request Forgery in phantomjs-seo

EPSS

Процентиль: 50%

0.00267

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-918