Description
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
Remediation
References
https://security.netapp.com/advisory/ntap-20191017-0005/
https://www.npmjs.com/advisories/1095
Related Vulnerabilities
CVE-2019-13173 Vulnerability in maven package org.webjars:fstream
CVE-2020-35476 Vulnerability in maven package net.opentsdb:opentsdb
CVE-2015-5377 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-spi
CVE-2020-2142 Vulnerability in maven package org.jenkins-ci.plugins:p4