High severityNVD Advisory· Published Oct 6, 2020· Updated Sep 17, 2024
Server-side Request Forgery (SSRF)
CVE-2020-7740
Description
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
node-pdf-generatornpm | <= 0.0.6 | — |
Affected products
2- node-pdf-generator/node-pdf-generatordescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-hcq6-h8v2-r5wmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7740ghsaADVISORY
- github.com/darrenhaken/node-pdf-generator/blob/master/index.js%23L29ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-NODEPDFGENERATOR-609636ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.