N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-5p98-wpc9-g498

EPSS Score

CWE

CWE-918

Published

9/4/2020

Updated

1/11/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-5p98-wpc9-g498

GHSA-5p98-wpc9-g498: Server-Side Request Forgery in html-pdf-chrome

Recommendation

This package is working as intended. A Security section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether.

Original Advisory

All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package executes HTTP requests if the parsed HTML contains external references to resources, such as <iframe src="http://localhost" height="800px" width="800px"></iframe>. This allows attackers to access resources through HTTP that are accessible to the server, including private resources in the hosting environment.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-5p98-wpc9-g498

EPSS Score

CWE

CWE-918

Published

9/4/2020

Updated

1/11/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
html-pdf-chrome	npm	< 0.6.1	0.6.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the library's core functionality of rendering HTML to PDF using Chrome. The HtmlPdf.create function (or equivalent entry point) is inherently vulnerable because it delegates resource fetching to Chrome without network restrictions. While no specific code diff is provided, the advisory explicitly states that processing HTML with external references causes SSRF, which aligns with the library's primary conversion workflow. The function responsible for initiating the PDF generation process would inherently execute these requests unless explicitly hardened (e.g., via network restrictions added in documentation rather than code changes).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

## R**omm*n**tion T*is p**k*** is workin* *s int*n***. * [S**urity](*ttps://*it*u*.*om/w*sty**/*tml-p**-**rom*#s**urity) s**tion **s ***n ***** sin** v*.*.* to **t*il prop*r us*** o* t*is li*r*ry. Npm **s r*vok** t**ir **visory *lto**t**r. ## Ori*in

Reasoning

T** vuln*r**ility st*ms *rom t** li*r*ry's *or* *un*tion*lity o* r*n**rin* *TML to P** usin* **rom*. T** `*tmlP**.*r**t*` *un*tion (or *quiv*l*nt *ntry point) is in**r*ntly vuln*r**l* ****us* it **l***t*s r*sour** **t**in* to **rom* wit*out n*twork r

N/A

Basic Information

Concerned about an active attack path?

GHSA-5p98-wpc9-g498: Server-Side Request Forgery in html-pdf-chrome

Recommendation

Original Advisory

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI