CVE-2020-7740: Server-Side Request Forgery (SSRF)

October 6, 2020 (updated October 19, 2020)

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.

References

nvd.nist.gov/vuln/detail/CVE-2020-7740

Code Behaviors & Features

Detect and mitigate CVE-2020-7740 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →