Server-Side Request Forgery in node-pdf-generator
High severity
GitHub Reviewed
Published
May 10, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Oct 6, 2020
Reviewed
Apr 21, 2021
Published to the GitHub Advisory Database
May 10, 2021
Last updated
Feb 1, 2023
This affects all versions of package node-pdf-generator up to and including 0.0.6. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
References