rendertron-middleware@0.1.0 vulnerabilities

Express middleware for the rendertron service.

Direct Vulnerabilities

Known vulnerabilities in the rendertron-middleware package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

rendertron-middleware is an Express middleware for Rendertron.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ${request.params.url} which was not being sanitized properly.

How to fix Cross-site Scripting (XSS)?

Upgrade rendertron-middleware to version 0.1.3 or higher.

<0.1.3
  • H
Denial of Service (DoS)

rendertron-middleware is an Express middleware for Rendertron.

Affected versions of this package are vulnerable to Denial of Service (DoS). It included an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allowed any unauthorized remote attacker to disable the core service of the application.

How to fix Denial of Service (DoS)?

Upgrade rendertron-middleware to version 0.1.3 or higher.

<0.1.3
  • H
Information Exposure

rendertron-middleware is an Express middleware for Rendertron

Affected versions of this package are vulnerable to Information Exposure. Installed packages are exposed by node_modules in Rendertron, allowed remote attackers to read absolute paths on the server by examining the _where attribute of package.json files.

How to fix Information Exposure?

Upgrade rendertron-middleware to version 0.1.3 or higher.

<0.1.3
  • M
Arbitrary File Read

rendertron-middleware is an Express middleware for Rendertron

Affected versions of this package are vulnerable to Arbitrary File Read. An alternative protocols such as file:// introduced a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.

How to fix Arbitrary File Read?

Upgrade rendertron-middleware to version 0.1.3 or higher.

<0.1.3