Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade @pdfme/common to version 5.5.10 or higher.
@pdfme/common is a TypeScript-based PDF generator and React-based UI. Open source, developed by the community, and completely free to use under the MIT license!
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the getB64BasePdf function, which fetches the URL given in the basePdf parameter without validating it. When basePdf is attacker-controlled, a crafted URL causes the server (or client) to issue requests it was never meant to make, giving the attacker a way to reach internal or external network resources and potentially exfiltrate sensitive data.