Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
security: prevent blind ssrf in pdf generation
Issue: one could set the src attribute of an img tag to anything they want and the pdf generation will happily GET it. This means that one can do arbitrary HTTP GET requests from the server itself. This doesn't work in the browser context because of the restrictive CSP policy, which is not applied during the pdf generation. This is a MINOR vulnerability as other security measures in the PHP configuration prevents prospective escalation. The vulnerability was reported by @mgrRaf and @xoffense. Thank to them for responsible disclosure. A bounty has been awarded.
- Loading branch information