3 matches found
@addo/common-api (>=1.0.0 <=1.0.9), @ahbbvc/invoice-generator (>=1.0.0 <=1.0.9) +262 more potentially affected by CVE-2019-15138 via html-pdf (>=0.1.3 <=2.2.0)
html-pdf NPM version =0.1.3, =1.0.0, =1.0.0, =1.1.1, =2.0.14, =0.0.1, =2.0.1, =1.0.0, =3.5.2, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2 and more Source cves: CVE-2019-15138 Source advisory: OSV:GHSA-X4W5-R546-X9QH...
CVE-2019-15138
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...
CVE-2019-15138
CVE-2019-15138 affects the Node.js module html-pdf (v2.2.0). The vulnerability allows an arbitrary file read by processing an HTML file that uses an XMLHttpRequest to access a file:/// URL, enabling the server to exfiltrate local files (e.g., /etc/passwd). Public references in the Connected docum...