EUVD-2020-1448

Malware in sbrugna...

Arbitrary File Read in phantom-html-to-pdf

This affects the package phantom-html-to-pdf before 0.6.1. PoC js var fs = require'fs' var conversion = require"phantom-html-to-pdf"; conversion.allowLocalFilesAccess = false conversion html: "document.writewindow.location='c:/windows/win.ini'" , functionerr, pdf var output =...

GHSA-6H7F-QWQM-35PP Arbitrary File Read in phantom-html-to-pdf

This affects the package phantom-html-to-pdf before 0.6.1. PoC js var fs = require'fs' var conversion = require"phantom-html-to-pdf"; conversion.allowLocalFilesAccess = false conversion html: "document.writewindow.location='c:/windows/win.ini'" , functionerr, pdf var output =...

Arbitrary File Read

phantom-html-to-pdf is vulnerable to arbitrary file read. An attacker is able to gain access and read arbitrary files on the host by specifying the file path...

CVE-2020-7763

This affects the package phantom-html-to-pdf before 0.6.1...

CVE-2020-7763

This affects the package phantom-html-to-pdf before 0.6.1...

Design/Logic Flaw

This affects the package phantom-html-to-pdf before 0.6.1...

CVE-2020-7763

CVE-2020-7763 affects the npm package phantom-html-to-pdf and is an arbitrary file read vulnerability present in versions before 0.6.1. The weakness is demonstrated by a PoC (in the GitHub advisory and Snyk reference) that bypasses file access restrictions to read local host files (e.g., using wi...

CVE-2020-7763 Arbitrary File Read

This affects the package phantom-html-to-pdf before 0.6.1...

@dfeidao/server (>=4.5.201902251314 <=4.6.201910181238), @fabrix/spool-pdf (>=1.5.0 <=1.5.0-alpha.1) +23 more potentially affected by CVE-2020-7763 via phantom-html-to-pdf (>=0.1.2 <=0.6.0)

phantom-html-to-pdf NPM version =0.1.2, =4.5.201902251314, =1.5.0, =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =1.0.202005312012, =1.0.3, =0.1.0, =0.4.0, =1.0.1, =1.0.3 - jsreport-fop-xsl-pdf =1.0.4 and more Source cves: CVE-2020-7763 Source...