Description
This affects all versions of the package node-pdf-generator. Because the content given to node-pdf-generator is not validated or sanitized, an attacker can craft a URL that will be passed to an external server, allowing an SSRF attack.
References
- Broken Link, Third Party Advisory
- Third Party Advisory
- Broken Link, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:node-pdf-generator_project:node-pdf-generator:*:*:*:*:*:*:*:*
EPSS
Percentile: 90%
0.0548
Low
CVSS3: 8.2 High
CVSS2: 6.4 Medium
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 8.2
GitHub
more than 4 years ago
Server-Side Request Forgery in node-pdf-generator