marcbachmann / node-html-pdf

This repo isn't maintained anymore as phantomjs got deprecated a long time ago. Please migrate to headless chrome/puppeteer.
MIT License
3.56k stars, 543 forks

Found Vulnerability 'Arbitrary Code Execution' #597

Closed asmitachavan121 closed 3 years ago

asmitachavan121 commented 3 years ago

Hi, this package is vulnerable to 'Arbitrary Code Execution' when scanned using Veracode. The version of the package used is 2.2.0 (latest). Description: the vulnerability exists as it does not sanitize HTML input, allowing information to be exfiltrated through arbitrary XHR requests. I could not get more useful information on this, because there are no mitigation steps to show this vulnerability as given in Veracode. But this is just a heads up as I could not find similar issues reported. Hopefully, someone will look into this.

clawdaddy commented 3 years ago

Duplicate of #530

marcbachmann commented 3 years ago

We'll fix that in there.