2 matches found
3a-server (>=0.7.41 <=0.9.10), 3a-server-mongo (>=0.1.0-beta.1 <=1.0.0-beta.1) +11 more potentially affected by unknown CVE via html-pdf-chrome (>=0.2.0 <=0.5.0)
html-pdf-chrome NPM version =0.2.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.2.0, =1.0.0, =1.1.0, =1.0.0, =0.1.0, =1.0.3, =0.0.0, =0.5.12 Source cves: unknown CVE Source advisory: OSV:GHSA-5P98-WPC9-G498...
GHSA-5P98-WPC9-G498 Server-Side Request Forgery in html-pdf-chrome
Recommendation This package is working as intended. A Security section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether. Original Advisory All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery SSRF. The package...