Description
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
Remediation
References
https://github.com/darrenhaken/node-pdf-generator/blob/master/index.js%23L29
https://snyk.io/vuln/SNYK-JS-NODEPDFGENERATOR-609636
Related Vulnerabilities
CVE-2019-10282 Vulnerability in maven package hudson.plugins.klaros:klaros-testmanagement
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-flink
CVE-2020-36649 Vulnerability in maven package org.webjars.bowergithub.mholt:papaparse
CVE-2021-32809 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4