This package uses PhantomJS to render an XML snippet to an image, thus the XML can be any HTML, script.
As the render process runs at the backend, there are SSRF and server-side XSS risks.
👋 Hey! We've recently opened a bug bounty against this issue, so if you want to get rewarded 💰 for fixing this vulnerability 🕷, head over to https://huntr.dev!
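One way to gate the snippet before it reaches the backend renderer, as an added example that is not part of the original issue or the package's code: a fail-closed allowlist check for static SVG. The tag and attribute lists and the name `checkRenderInput` are assumptions, and the sample inputs in use are constructed.

```javascript
// Added example: fail-closed allowlist gate for markup headed to a backend renderer.
// Tag/attribute lists are assumptions for a static-SVG use case; adjust to your input.
const TAGS = new Set(['svg', 'g', 'defs', 'path', 'rect', 'circle', 'ellipse', 'line',
  'polyline', 'polygon', 'text', 'tspan', 'lineargradient', 'stop', 'use']);
const ATTRS = new Set(['xmlns', 'xmlns:xlink', 'id', 'viewbox', 'width', 'height', 'x', 'y',
  'x1', 'y1', 'x2', 'y2', 'cx', 'cy', 'r', 'rx', 'ry', 'd', 'points', 'transform', 'fill',
  'stroke', 'stroke-width', 'opacity', 'offset', 'stop-color', 'font-size', 'font-family',
  'text-anchor', 'href', 'xlink:href']);
const NAMESPACES = new Set(['http://www.w3.org/2000/svg', 'http://www.w3.org/1999/xlink']);

// One token per match: plain text, one of five named entities, or a strictly formed tag.
// Comments, DOCTYPE, CDATA, processing instructions and unquoted attributes never match.
const TOKEN = /[^<&]+|&(?:amp|lt|gt|quot|apos);|<\/?([A-Za-z][\w-]*)((?:\s+[\w:-]+\s*=\s*(?:"[^"<>]*"|'[^'<>]*'))*)\s*\/?>/y;
const ATTR = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;

function attrAllowed(name, value) {
  if (!ATTRS.has(name)) return false;                        // drops on* handlers, style, src
  if (name.startsWith('xmlns')) return NAMESPACES.has(value);
  if (name.endsWith('href')) return /^#[\w-]+$/.test(value); // same-document references only
  return /^[\w\s.,#%()+-]*$/.test(value);                    // no ':' or '/', so no URLs
}

// Returns {ok: true} or {ok: false, reason}. Anything the grammar cannot consume is rejected.
function checkRenderInput(markup) {
  let pos = 0;
  while (pos < markup.length) {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(markup);
    if (!m) return { ok: false, reason: `unparseable markup at offset ${pos}` };
    if (m[1] !== undefined) {                                // this token is a tag
      const tag = m[1].toLowerCase();
      if (!TAGS.has(tag)) return { ok: false, reason: `tag <${tag}> not allowed` };
      for (const a of m[2].matchAll(ATTR)) {
        const name = a[1].toLowerCase(), value = a[2] ?? a[3];
        if (!attrAllowed(name, value)) return { ok: false, reason: `attribute ${name} not allowed` };
      }
    }
    pos = TOKEN.lastIndex;
  }
  return { ok: true };
}
```

The gate only narrows what the renderer parses; it does not check that tags are balanced, and the render process should still run without network access to internal hosts.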