Vulnerabilities > CVE-2019-15138 - Exposure of Resource to Wrong Sphere vulnerability in Html-Pdf Project Html-Pdf
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.