Vulnerability Details CVE-2020-7740
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 89.8%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 6.4
References
Products affected by CVE-2020-7740
-
cpe:2.3:a:node-pdf-generator_project:node-pdf-generator:-