38 matches found
GHSA-934W-HVJ4-7FR6 Path Traversal in jsreport-chrome-pdf
This affects the package jsreport-chrome-pdf before 1.10.0...
jsreport (>=2.0.0 <=2.1.0), jsreport-keycloak-auth (>=0.0.1 <=0.0.2) potentially affected by CVE-2020-7762 via jsreport-chrome-pdf (>=1.0.0 <=1.0.2)
jsreport-chrome-pdf NPM version =1.0.0, =2.0.0, =0.0.1, =0.0.2 Source cves: CVE-2020-7762 Source advisory: OSV:GHSA-934W-HVJ4-7FR6...
Path Traversal in jsreport-chrome-pdf
This affects the package jsreport-chrome-pdf before 1.10.0...
Arbitrary File Read
jsreport-chrome-pdf is vulnerable to arbitrary file read. An attacker can send malicious requests via lib/conversion.js to read arbitrary local files...
CVE-2020-7762
This affects the package jsreport-chrome-pdf before 1.10.0...
CVE-2020-7762
This affects the package jsreport-chrome-pdf before 1.10.0...
Code injection
This affects the package jsreport-chrome-pdf before 1.10.0...
CVE-2020-7762 Arbitrary File Read
This affects the package jsreport-chrome-pdf before 1.10.0...
CVE-2020-7762
CVE-2020-7762 affects the package jsreport-chrome-pdf prior to version 1.10.0. The vulnerability enables an arbitrary file read via the vulnerability in the code path tied to lib/conversion.js, as documented by multiple sources (Snyk entry and GitHub advisory). Impact is: attacker can read local ...
jsreport (>=2.0.0 <=2.1.0), jsreport-keycloak-auth (>=0.0.1 <=0.0.2) potentially affected by CVE-2020-7762 via jsreport-chrome-pdf (>=1.0.0 <=1.0.2)
jsreport-chrome-pdf NPM version =1.0.0, =2.0.0, =0.0.1, =0.0.2 Source cves: CVE-2020-7762 Source advisory: SNYK:JS-JSREPORTCHROMEPDF-1037310...
Arbitrary File Read
Overview jsreport-chrome-pdf is a Affected versions of this package are vulnerable to Arbitrary File Read. An Arbitrary File Read vulnerability exists in lib/conversion.js. PoC document.writewindow.location='../../../../../etc/passwd' Remediation Upgrade jsreport-chrome-pdf to version 1.10.0 or...
Remote Code Execution (RCE)
jsreport is vulnerable to remote code execution RCE. Of a variety of packages it consists, the Script-manager utilized for running user's scripts in a sandbox has an unintended require vulnerability and Puppeteer utilized for turning user's HTML into pdf files has SSRF Server Side Request Forgery...
CVE-2020-8128
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
CVE-2020-8128
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
Server side request forgery (ssrf)
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
CVE-2020-8128
CVE-2020-8128 affects jsreport (
CVE-2020-8128
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
Node.js third-party modules: [jsreport] Remote Code Execution
I would like to report Remote Code Execution in jsreport It allows running js files remotely on a vulnerable server. Module module name: jsreport version: 2.5.0 npm page: https://www.npmjs.com/package/jsreport Module Description jsreport is a reporting server which lets developers define reports...