Description

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.

Remediation

References

https://github.com/GoogleChrome/rendertron/releases/tag/3.0.0

Related Vulnerabilities

CVE-2018-1999039 Vulnerability in maven package org.jenkins-ci.plugins:confluence-publisher

CVE-2022-0528 Vulnerability in npm package @uppy/companion

CVE-2017-5617 Vulnerability in maven package com.metsci.ext.com.kitfox.svg:svg-salamander

CVE-2023-26492 Vulnerability in npm package directus

CVE-2021-23664 Vulnerability in npm package @isomorphic-git/cors-proxy

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N