2 matches found
CVE-2020-7740 Server-side Request Forgery (SSRF)
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack...
CVE-2020-7740
CVE-2020-7740 affects node-pdf-generator (all versions up to 0.0.6 per GHSA entry). The root cause is lack of user input validation and sanitization for content fed to the module, enabling an attacker to craft a URL that is passed to an external server, resulting in Server-Side Request Forgery (S...