Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6, which introduces the setUrlAccessPolicy() method, allowing server operators to define URL access rules. A warning is now logged when pdfmake is used server-side without a policy configured.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pdfmake Security Vulnerability
Vulnerability Description
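pdfmake is a pure JavaScript library for server-side and client-side PDF document generation, developed by the individual developer Bartek Pampuch. pdfmake versions 0.3.0-beta.2 through 0.3.5 contain a security vulnerability that stems from server-side request forgery in the src/URLResolver.js component and may lead to disclosure of sensitive information.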
CVSS Information
N/A
Vulnerability Type
N/A