html-pdf@1.2.2 vulnerabilities

HTML to PDF converter that uses phantomjs

latest version

3.0.1

latest non vulnerable version

3.0.1

first published

11 years ago

latest version published

4 years ago

deprecated

Package is deprecated

licenses detected

MIT
>=0

View html-pdf package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the html-pdf package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Arbitrary File Read html-pdf is a Html to pdf converter in nodejs. Affected versions of this package are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as `request.open("GET","file:///etc/passwd")` will result in a PDF document with the contents of `/etc/passwd`. How to fix Arbitrary File Read? Upgrade `html-pdf` to version 3.0.0 or higher.	<3.0.0

Arbitrary File Read

html-pdf is a Html to pdf converter in nodejs.

Affected versions of this package are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as request.open("GET","file:///etc/passwd") will result in a PDF document with the contents of /etc/passwd.

How to fix Arbitrary File Read?

Upgrade html-pdf to version 3.0.0 or higher.

<3.0.0

Go back to all versions of this package