Vulnerabilities > CVE-2020-7740 - Server-Side Request Forgery (SSRF) vulnerability in Node-Pdf-Generator Project Node-Pdf-Generator

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

node-pdf-generator-project

CWE-918

NVD

Published: 2020-10-06

Updated: 2024-11-21

Summary

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.

Vulnerable Configurations

Part	Description	Count
Application	Node-Pdf-Generator_Project Node PDF Generator Project Node PDF Generator *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/darrenhaken/node-pdf-generator/blob/master/index.js%23L29
https://github.com/darrenhaken/node-pdf-generator/blob/master/index.js%23L29
https://snyk.io/vuln/SNYK-JS-NODEPDFGENERATOR-609636
https://snyk.io/vuln/SNYK-JS-NODEPDFGENERATOR-609636