Arbitrary File Read in html-pdf

🗓️ 11 Oct 2019 18:38:40Reported by GitHub Advisory DatabaseType

Arbitrary File Read in html-pdf. Vulnerability in all versions allows exfiltration of server files via malicious HTML code. XHR requests executed by server

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2019-15138	20 Sep 201919:13	–	cvelist
Node.js	Arbitrary File Read	30 Jul 201921:15	–	nodejs
Prion	Design/Logic Flaw	20 Sep 201920:15	–	prion
NVD	CVE-2019-15138	20 Sep 201920:15	–	nvd
Veracode	Arbitrary Code Execution	23 Sep 201903:26	–	veracode
OSV	GHSA-X4W5-R546-X9QH Arbitrary File Read in html-pdf	11 Oct 201918:40	–	osv
CVE	CVE-2019-15138	20 Sep 201920:15	–	cve
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js modules	29 Aug 202008:56	–	ibm

Vulners

Node

html-pdf_project html-pdfRange<3.0.1

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-15138
npmjs	www.npmjs.com/advisories/1095
github	www.github.com/marcbachmann/node-html-pdf/issues/530
github	www.github.com/marcbachmann/node-html-pdf/issues/530
github	www.github.com/marcbachmann/node-html-pdf/commit/c12d6977778014139183c9f8da7579fd7ac65362
github	www.github.com/marcbachmann/node-html-pdf/releases/tag/v3.0.1
security	www.security.netapp.com/advisory/ntap-20191017-0005/
github	www.github.com/advisories/GHSA-x4w5-r546-x9qh

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Oct 2019 18:40Current

3.4Low risk

Vulners AI Score3.4

CVSS25

CVSS37.5

EPSS0.00316

html-pdf arbitrary file read vulnerability xhr requests mitigation