Lucene search
GoogleOSV:CVE-2020-8902HistoryFeb 23, 2021 - 12:15 p.m.
CVE-2020-8902
2021-02-2312:15:12
Google
osv.dev
10
cve-2020-8902
ssrf
rendertron
upgrade
mitigations
headless chrome
security vulnerability
Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome’s access to your internal domain.
Related
cve
cve
CVE-2020-8902
2021-02-23 12:15:12
cvelist
cvelist
CVE-2020-8902 SSRF in Rendertron
2021-02-23 12:00:16
prion
prion
Server side request forgery (ssrf)
2021-02-23 12:15:00
nodejs
nodejs
Server-Side Request Forgery
2021-03-01 19:42:28
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-02-24 02:52:04
github
github
SSRF in Rendertron
2021-03-01 19:38:23
nvd
nvd
CVE-2020-8902
2021-02-23 12:15:12
osv
osv
SSRF in Rendertron
2021-03-01 19:38:23