GHSA-5P98-WPC9-G498

Vulnerability from github – Published: 2020-09-04 15:21 – Updated: 2022-06-22 19:28
VLAI?
Summary
Server-Side Request Forgery in html-pdf-chrome
Details

Recommendation

This package is working as intended. A Security section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether.

Original Advisory

All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package executes HTTP requests if the parsed HTML contains external references to resources, such as <iframe src="http://localhost" height="800px" width="800px"></iframe>. This allows attackers to access resources through HTTP that are accessible to the server, including private resources in the hosting environment.

Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "html-pdf-chrome"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:39Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Recommendation\nThis package is working as intended. A [Security](https://github.com/westy92/html-pdf-chrome#security) section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether.\n\n## Original Advisory\nAll versions of `html-pdf-chrome` are vulnerable to Server-Side Request Forgery (SSRF). The package executes HTTP requests if the parsed HTML contains external references to resources, such as `\u003ciframe src=\"http://localhost\" height=\"800px\" width=\"800px\"\u003e\u003c/iframe\u003e`. This allows attackers to access resources through HTTP that are accessible to the server, including private resources in the hosting environment.",
  "id": "GHSA-5p98-wpc9-g498",
  "modified": "2022-06-22T19:28:32Z",
  "published": "2020-09-04T15:21:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/westy92/html-pdf-chrome/issues/249"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/westy92/html-pdf-chrome"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1339"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Server-Side Request Forgery in html-pdf-chrome"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.