CVE-2020-7740— Server-side Request Forgery (SSRF)

CVSS 8.2 · High EPSS 5.48% · P90 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-7740

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Server-side Request Forgery (SSRF)

Source: NVD (National Vulnerability Database)

Vulnerability Description

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

node-pdf-generator 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

node-pdf-generator是个人开发者的一个JavaScript编写的用于从HTML生成PDF的Web服务器。 node-pdf-generator存在安全漏洞，该漏洞源于缺乏用户输入验证和对提供给node-pdf-generator的内容的清理，攻击者可利用该漏洞可能会创建一个url，该url将被传递给允许SSRF攻击的外部服务器。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	node-pdf-generator	0 ~ unspecified	-

II. Public POCs for CVE-2020-7740

#	POC Description	Source Link	Shenlong Link
1	An example of CVE-2020-7740	https://github.com/CS4239-U6/node-pdf-generator-ssrf	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-7740

请登录查看更多情报信息。

https://snyk.io/vuln/SNYK-JS-NODEPDFGENERATOR-609636x_refsource_MISC
https://github.com/darrenhaken/node-pdf-generator/blob/master/index.js%23L29x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-7740

Same Patch Batch · n/a · 2020-10-06 · 51 CVEs total

CVE-2020-7741	9.9 CRITICAL	Cross-site Scripting (XSS)
CVE-2020-7739	8.2 HIGH	Server-side Request Forgery (SSRF)
CVE-2020-8782	7.5 HIGH	ALEOS LAN-Side RPC Service Remote Code Execution
CVE-2020-25644		OpenSSL 资源管理错误漏洞
CVE-2020-24215		IPTV/H.264/H.265 video 信任管理问题漏洞
CVE-2020-25643		Linux kernel 输入验证错误漏洞
CVE-2020-26570		OpenSC 缓冲区错误漏洞
CVE-2020-25613		Ruby 环境问题漏洞
CVE-2020-26572		OpenSC 缓冲区错误漏洞
CVE-2020-26571		OpenSC 缓冲区错误漏洞
CVE-2020-25637		Red Hat libvirt 资源管理错误漏洞
CVE-2020-24216		IPTV/H.264/H.265 video 默认配置问题漏洞
CVE-2020-24217		IPTV H.264/H.265 video 访问控制错误漏洞
CVE-2020-24218		IPTV H.264/H.265 video 信任管理问题漏洞
CVE-2020-24219		IPTV H.264/H.265 video 路径遍历漏洞
CVE-2020-25641		Linux kernel 安全漏洞
CVE-2020-15598		ModSecurity 安全漏洞
CVE-2020-7465		MPD 缓冲区错误漏洞
CVE-2020-7466		MPD 缓冲区错误漏洞
CVE-2020-8781		Sierra Wireless ALEOS 输入验证错误漏洞

Showing top 20 of 51 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2020-7740

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-7740— Server-side Request Forgery (SSRF)

I. Basic Information for CVE-2020-7740

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-7740

III. Intelligence Information for CVE-2020-7740

Same Patch Batch · n/a · 2020-10-06 · 51 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-7740

Leave a comment