Lucene search

SnykCVELIST:CVE-2020-7749

HistoryOct 20, 2020 - 10:25 a.m.

CVE-2020-7749 Server-side Request Forgery (SSRF)

2020-10-2010:25:26

snyk

www.cve.org

cve-2020-7749

server-side request forgery

ssrf

osm-static-maps

user input

template

html

js code

xss

puppeteer

local file read

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

52.5%

JSON

This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ … }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read.

CNA Affected

[
  {
    "product": "osm-static-maps",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/jperelli/osm-static-maps/blob/master/src/template.html%23L142

github.com/jperelli/osm-static-maps/pull/24

snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637