phantomjs-seo@1.0.0 vulnerabilities

express middleware for prerendering pages with phantomjs for search engine crawling

Direct Vulnerabilities

Known vulnerabilities in the phantomjs-seo package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Server-side Request Forgery (SSRF)

phantomjs-seo is an express middleware for prerendering pages with phantomjs for search engine crawling

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can craft a URL that is passed to a PhantomJS instance, allowing an SSRF attack.

PoC

mkdir poc
cd poc
npm init -y
npm install express
npm install phantomjs-seo

Create index.js with a basic Express app:

const express = require('express')
const app = express()
const port = 3000

// phantomjs-seo middleware init
const seo = require('phantomjs-seo')
app.use(seo)

app.get('/', (req, res) => res.send('Hello World!'))
app.listen(port, () => console.log(`Example app listening at http://localhost:${port}`))

Run it:

node index.js

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for phantomjs-seo.
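
With no fixed release available, one mitigation is to validate any URL before a headless renderer loads it. The following is an added example, not code from this advisory or from phantomjs-seo; the function names, the allowed origin and the caller-supplied buildTargetUrl are assumptions for illustration.

```javascript
// Added example: origin allowlist for URLs handed to a headless renderer.
// ALLOWED_ORIGINS, resolvePrerenderTarget and prerenderGuard are hypothetical
// names for this sketch; none of them is part of phantomjs-seo.
const ALLOWED_ORIGINS = new Set(['https://www.example.com']); // constructed value

// Returns a normalized URL string if rawUrl may be rendered, otherwise null.
function resolvePrerenderTarget(rawUrl, allowedOrigins = ALLOWED_ORIGINS) {
  let url;
  try {
    url = new URL(rawUrl); // throws on relative or malformed input
  } catch (err) {
    return null;
  }
  // Only web schemes: blocks file:, data:, javascript: and similar.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Reject userinfo, which makes "trusted.host@other.host" look trusted.
  if (url.username !== '' || url.password !== '') return null;
  // Exact origin match (scheme + host + port); no suffix or substring tests.
  if (!allowedOrigins.has(url.origin)) return null;
  url.hash = ''; // the fragment is never sent to a server
  return url.href;
}

// Express-style middleware. buildTargetUrl(req) is supplied by the caller and
// must return the URL the renderer would load for this request (assumption).
function prerenderGuard(buildTargetUrl, allowedOrigins = ALLOWED_ORIGINS) {
  return function (req, res, next) {
    const target = resolvePrerenderTarget(buildTargetUrl(req), allowedOrigins);
    if (target === null) {
      res.statusCode = 400;
      res.end('prerender target rejected');
      return;
    }
    req.prerenderTarget = target; // downstream code renders only this value
    next();
  };
}
```

The check covers only the initial URL; redirects and subresources loaded by the rendered page need network-level egress restrictions on the renderer host.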
