This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-10-06T16:40:13.357329Z

Updated: 2024-09-17T03:52:44.294Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7740

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-06T18:15:18.127

Modified: 2024-11-21T05:37:42.793

Link: CVE-2020-7740

cve-icon Redhat

No data.