MidnightBSD

Advisories for node-pdf-generator_project

CVE-2020-7740 MEDIUM

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-918,

Products Affected

Vendor Product Version
node-pdf-generator_project node-pdf-generator *