OSV:GHSA-XR9H-9M79-X29G
Mar 01, 2021 - 7:38 p.m.

SSRF in Rendertron

2021-03-01 19:38:23
Google
osv.dev
rendertron
ssrf vulnerability
server-side request forgery
upgrade
infrastructure security
headless chrome

EPSS: 0.001
Percentile: 22.7%

Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a Rendertron headless Chrome process to render internal sites it has access to and display them as a screenshot. Suggested mitigations are to upgrade Rendertron to version 3.0.0 or, if you cannot upgrade, to secure the infrastructure so that headless Chrome's access to your internal domain is limited.
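The following is an added example, not Rendertron's code and not part of the advisory: it shows why the mitigation has to cover every request a render produces rather than only the URL submitted for rendering. The helper names, the IPv4-only scope, the assumption that each request's destination IP is already resolved, and the sample render are all constructed for illustration.

```javascript
// Added example. Ranges the headless Chrome process should not reach (IPv4 only).
const INTERNAL_CIDRS = [
  '0.0.0.0/8',       // "this network"
  '10.0.0.0/8',      // RFC 1918
  '127.0.0.0/8',     // loopback
  '169.254.0.0/16',  // link-local, includes cloud metadata endpoints
  '172.16.0.0/12',   // RFC 1918
  '192.168.0.0/16',  // RFC 1918
];

// Convert a dotted-quad IPv4 string to an unsigned integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function inCidr(ipInt, cidr) {
  const [base, bits] = cidr.split('/');
  const start = ipv4ToInt(base);
  return ipInt >= start && ipInt < start + 2 ** (32 - Number(bits));
}

// Fail closed: anything that is not a well-formed, non-internal IPv4 address is refused.
function isInternal(ip) {
  const n = ipv4ToInt(ip);
  return n === null || INTERNAL_CIDRS.some((c) => inCidr(n, c));
}

// requests: every request one render produced (hypothetical shape), first entry = submitted URL.
function auditRender(requests) {
  const blocked = requests.filter((r) => isInternal(r.resolvedIp));
  return {
    topLevelOnlyVerdict: isInternal(requests[0].resolvedIp) ? 'block' : 'allow',
    perRequestVerdict: blocked.length ? 'block' : 'allow',
    blockedUrls: blocked.map((r) => r.url),
  };
}

// Constructed sample: a public page whose render also reaches an internal address.
const SAMPLE_RENDER = [
  { url: 'https://crafted-page.example/', resolvedIp: '203.0.113.10' },
  { url: 'http://intranet.example/admin', resolvedIp: '10.0.0.5' },
  { url: 'https://cdn.example/app.js', resolvedIp: '198.51.100.7' },
];
```

Checking only the submitted URL allows the sample render, while the per-request check refuses it; the same allow/deny decision is what an egress firewall rule for the Chrome process enforces at the infrastructure level.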
