rendertron@1.0.1 vulnerabilities

Renders webpages using headless Chrome for usage by bots

Direct Vulnerabilities

Known vulnerabilities in the rendertron package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability (severity M): Server-side Request Forgery (SSRF)

rendertron is a package that renders webpages using headless Chrome for use by bots.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can use a specially crafted webpage to force a rendertron headless Chrome process to render internal sites it has access to, and display them as a screenshot.

How to fix Server-side Request Forgery (SSRF)?

Upgrade rendertron to version 3.0.0 or higher.

Vulnerable versions: <3.0.0
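
As a defense-in-depth illustration added here (not rendertron's code and not a description of what 3.0.0 changed): a destination check that a headless-Chrome rendering service could apply to every request a page makes, including subresources and redirects, since the issue above is triggered from inside a crafted page rather than only by the top-level URL. The function names and the `resolved` parameter (addresses returned by the caller's own DNS lookup) are assumptions.

```javascript
// IPv4 ranges a public-facing renderer should never fetch from:
// "this host", RFC 1918, CGNAT, loopback and link-local (cloud metadata).
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
].map(([base, bits]) => ({ base: v4ToInt(base), mask: (~0 << (32 - bits)) >>> 0 }));

// Dotted quad -> unsigned 32-bit integer.
function v4ToInt(ip) {
  return ip.split('.').reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

function isInternalV4(ip) {
  if (ip.split('.').some((o) => Number(o) > 255)) return true; // malformed: block
  const n = v4ToInt(ip);
  return BLOCKED_V4.some(({ base, mask }) => ((n & mask) >>> 0) === base);
}

function isInternalV6(ip) {
  const a = ip.toLowerCase();
  // IPv4-mapped forms (::ffff:127.0.0.1 or ::ffff:7f00:1) are judged as IPv4.
  const m = a.match(/^::ffff:(?:(\d+\.\d+\.\d+\.\d+)|([0-9a-f]{1,4}):([0-9a-f]{1,4}))$/);
  if (m) {
    const v4 = m[1] || [m[2], m[3]].map((h) => parseInt(h, 16))
      .flatMap((w) => [w >> 8, w & 255]).join('.');
    return isInternalV4(v4);
  }
  // Loopback, unspecified, unique-local fc00::/7, link-local fe80::/10.
  return a === '::1' || a === '::' ||
    /^f[cd][0-9a-f]{2}:/.test(a) || /^fe[89ab][0-9a-f]:/.test(a);
}

// Decide whether one outgoing request may proceed. `resolved` holds the
// addresses the caller's DNS lookup returned for the hostname (assumption).
function allowRequest(rawUrl, resolved = []) {
  let url;
  try { url = new URL(rawUrl); } catch (e) { return false; }
  // Only http(s): file:, data:, ftp: and other schemes are refused outright.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  // The URL parser has already normalised forms such as http://2130706433/.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const literal = /^\d+\.\d+\.\d+\.\d+$/.test(host) || host.includes(':');
  const addrs = literal ? [host] : resolved;
  if (addrs.length === 0) return false; // nothing resolved: fail closed
  // Every candidate address must be public, not just the first one.
  return addrs.every((ip) => !(ip.includes(':') ? isInternalV6(ip) : isInternalV4(ip)));
}
```

The check only holds if the connection is then made to one of the addresses that was checked; resolving the name a second time at connect time reopens the gap through DNS rebinding.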