CVE-2020-7763

CVSS base score: 7.5 HIGH

📋 TL;DR

CVE-2020-7763 is a path traversal vulnerability in the phantom-html-to-pdf npm package (versions before 0.6.1) that lets an attacker who controls the input to a PDF conversion read arbitrary files that the converting process is able to open. Any Node.js application that passes user-supplied content to this package for HTML-to-PDF conversion is exposed; what can be read is bounded only by the filesystem permissions of the process running the conversion.

💻 Affected Systems

Products:
  • phantom-html-to-pdf
Versions: All versions before 0.6.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that use phantom-html-to-pdf with user-controlled input for PDF generation.

📦 What is this software?

phantom-html-to-pdf is a Node.js library (npm package by pofider, the author of jsreport) that renders HTML to PDF by driving a headless PhantomJS browser; it is the engine behind jsreport's phantom-pdf recipe. PhantomJS itself has been unmaintained since 2018, so even a patched deployment is running an end-of-life rendering engine on attacker-influenced content and should be isolated accordingly.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of secrets readable by the conversion process (SSH private keys, configuration files, .env files, database credentials), which the attacker then uses to authenticate to other systems. The file read itself does not execute code, but the credentials it yields can lead to full compromise of the host and lateral movement.

🟠

Likely Case

Information disclosure of sensitive application files, configuration data, or user data stored on the server filesystem.

🟢

If Mitigated

Limited impact if proper input validation and file access controls are implemented, restricting access to only intended directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user input to be passed to the vulnerable function, which is common in PDF generation workflows.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.1

Vendor Advisory: https://github.com/pofider/phantom-html-to-pdf/commit/b5d2da2639a49a95e0bdb3bc0c987cb6406b8259

Restart Required: Yes (a Node.js process keeps the module code it loaded at start-up; the updated package only takes effect once the application is restarted)

Instructions:

1. Set the dependency in package.json to phantom-html-to-pdf ^0.6.1, or install it directly with npm install phantom-html-to-pdf@^0.6.1. Note that npm update alone will not move a ^0.5.x range to 0.6.x, because a caret range on a 0.x version only permits patch-level updates.
2. Check for copies pulled in transitively by a wrapper package (npm ls phantom-html-to-pdf shows every path to the package); each of those needs its parent package updated, or an override, as well.
3. Restart the application and test PDF generation, including a traversal payload against a staging instance to confirm it no longer returns file contents.

🔧 Temporary Workarounds

Input Validation (all platforms)

URL-decode and canonicalize every user-supplied value before it reaches the converter, then reject anything containing ".." followed by "/" or "\" or resolving to an absolute path outside the intended directory. A check for the literal string "../" alone is bypassed by "%2e%2e%2f", "..%2f" and backslash variants.

Sandbox Execution (all platforms)

Run the PDF generation process in a container or sandbox with a minimal, read-only filesystem view (no secrets, keys or config mounted), as a dedicated unprivileged user. An arbitrary file read is only as damaging as the set of files the process can open.

🧯 If You Can't Patch

  • Validate and canonicalize all user input before passing it to phantom-html-to-pdf, rejecting traversal sequences in any encoding rather than the literal "../" only
  • Run the conversion as a dedicated unprivileged user with minimal filesystem permissions, and keep credentials and keys out of any directory that user can read
  • Put the PDF endpoint behind authentication and rate limiting so that attempts are attributable and slow

🔍 How to Verify

Check if Vulnerable:

Check package.json and the lock file (package-lock.json or yarn.lock) for phantom-html-to-pdf. Any resolved version below 0.6.1 is vulnerable, including copies nested under another package that depends on it; package.json alone does not show those.

Check Version:

npm list phantom-html-to-pdf

Verify Fix Applied:

Confirm that every resolved copy reported by npm ls phantom-html-to-pdf is 0.6.1 or higher, that the running process was restarted after the upgrade, and that a traversal payload sent to a staging instance fails without returning file contents.
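A scripted version of the check above, added here as an example; it is not from the advisory or from the phantom-html-to-pdf project. It compares each installed copy numerically against 0.6.1 (a string comparison would wrongly treat 0.10.0 as older than 0.6.1). It assumes that npm ls phantom-html-to-pdf --parseable --long prints one path:name@version line per installed copy; the two sample lines embedded in the script are constructed to stand in for that output.

```shell
#!/bin/sh
# Added example (not from the advisory or the phantom-html-to-pdf project):
# report whether any installed copy of phantom-html-to-pdf predates 0.6.1.
# Assumption: `npm ls phantom-html-to-pdf --parseable --long` prints one
# "path:name@version" line per installed copy, nested copies included.

FIXED_VERSION="0.6.1"

# split_version VERSION: print "MAJOR MINOR PATCH", dropping a leading "v"
# and any "-prerelease" / "+build" suffix; missing parts default to 0.
split_version() {
  v=${1#v}; v=${v%%-*}; v=${v%%+*}
  IFS=. read -r major minor patch <<EOF
$v
EOF
  printf '%s %s %s\n' "${major:-0}" "${minor:-0}" "${patch:-0}"
}

# version_lt A B: succeed when A is strictly lower than B, comparing each
# component as a number so that 0.10.0 sorts after 0.6.1.
version_lt() {
  set -- $(split_version "$1") $(split_version "$2")
  if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
  if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
  [ "$3" -lt "$6" ]
}

# is_vulnerable VERSION: succeed when VERSION predates the fixed release.
is_vulnerable() { version_lt "$1" "$FIXED_VERSION"; }

# versions_from_npm_ls: read parseable npm output on stdin and print the
# version of every phantom-html-to-pdf copy, one per line.
versions_from_npm_ls() {
  sed -n 's/.*:phantom-html-to-pdf@\([^: ]*\).*/\1/p'
}

# any_vulnerable: read versions on stdin, report each one, and succeed if
# at least one predates the fix (so it can gate a CI step).
any_vulnerable() {
  found=1
  while IFS= read -r ver; do
    [ -n "$ver" ] || continue
    if is_vulnerable "$ver"; then
      echo "phantom-html-to-pdf $ver is below $FIXED_VERSION: VULNERABLE"
      found=0
    else
      echo "phantom-html-to-pdf $ver is at or above $FIXED_VERSION: ok"
    fi
  done
  return $found
}

# Constructed sample of the npm output: a direct copy that is still
# vulnerable and a nested copy under a wrapper package that is patched.
SAMPLE_NPM_LS='/srv/app/node_modules/phantom-html-to-pdf:phantom-html-to-pdf@0.5.9
/srv/app/node_modules/some-wrapper/node_modules/phantom-html-to-pdf:phantom-html-to-pdf@0.6.1'

# check_sample: run the pipeline over the constructed sample.
check_sample() {
  printf '%s\n' "$SAMPLE_NPM_LS" | versions_from_npm_ls | any_vulnerable
}

if check_sample; then
  echo "action: upgrade every copy to $FIXED_VERSION or later and restart the service"
fi

# Against the real dependency tree, run from the project root:
#   npm ls phantom-html-to-pdf --parseable --long 2>/dev/null | versions_from_npm_ls | any_vulnerable
```

Pipe the live npm output into versions_from_npm_ls | any_vulnerable from the project root; a zero exit from any_vulnerable means at least one copy still predates the fix, which is the condition a CI job should fail on. Remember that a green result here says nothing about whether the running process has been restarted since the upgrade.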

📡 Detection & Monitoring

Log Indicators:

  • Conversion requests whose input references files outside the application directory (for example /etc/passwd, /proc/self/environ, .env or id_rsa) or contains ".." sequences in any encoding
  • Bursts of PDF generation requests from one client that differ only in the path they reference, including ones that failed

Network Indicators:

  • Unusually large PDF file downloads
  • Multiple PDF generation requests in short time

SIEM Query:

The original query matched only two literal spellings of the traversal sequence. Decode the event first so that "..%2f", "%2e%2e/" and double-encoded "%252e%252e%252f" hit the same rule (Splunk SPL shown; adapt to your SIEM):

source="application.log" "phantom-html-to-pdf"
| eval decoded=urldecode(urldecode(_raw))
| regex decoded="\.\./"

Extend the regex with the backslash form for Windows hosts, and alert on the requesting client rather than on single events so that one scan across many paths surfaces as one incident.
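The same detection logic run over sample log lines, added here as an example rather than taken from the advisory. A literal-string query only catches the encodings it lists; this version decodes the bytes that matter (".", "/", "\" and the "%" of a double-encoded sequence) before applying one rule, so every variant above collapses to the same match. The log line format (timestamp, level, service, method, path, client) and the embedded sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the phantom-html-to-pdf project):
# flag directory-traversal attempts in request logs by decoding the encodings
# of "." "/" and "\" before matching, so "%2e%2e%2f", "..%2f" and the
# double-encoded "%252e%252e%252f" hit the same rule as a literal "../".

# ".." followed by a forward or back slash.
TRAVERSAL_RE='\.\.(/|\\)'

# decode_traversal_bytes: percent-decode only %25 (%), %2e (.), %2f (/) and
# %5c (\) on stdin. Decoding %25 first collapses one level of double encoding.
decode_traversal_bytes() {
  sed -e 's/%25/%/g' \
      -e 's/%2[eE]/./g' \
      -e 's/%2[fF]/\//g' \
      -e 's/%5[cC]/\\/g'
}

# traversal_hits: print the stdin lines that contain a traversal sequence
# after decoding; exit status 0 if at least one line matched.
traversal_hits() { decode_traversal_bytes | grep -E "$TRAVERSAL_RE"; }

# count_traversal_hits: same rule, print only the number of matching lines.
count_traversal_hits() { decode_traversal_bytes | grep -cE "$TRAVERSAL_RE"; }

# Constructed sample log lines (the format is an assumption): a normal
# conversion, three traversal attempts in different encodings, a benign
# asset fetch, and a line containing "..." that must not trigger the rule.
SAMPLE_LOG='2020-11-09T10:12:01Z INFO pdf-service POST /convert html_len=4212 client=10.0.0.12
2020-11-09T10:12:03Z INFO pdf-service GET /assets/../../../../etc/passwd client=203.0.113.7
2020-11-09T10:12:04Z INFO pdf-service GET /assets/%2e%2e%2f%2e%2e%2fetc%2fpasswd client=203.0.113.7
2020-11-09T10:12:05Z INFO pdf-service GET /assets/..%252f..%252fetc%252fshadow client=203.0.113.7
2020-11-09T10:12:06Z INFO pdf-service GET /assets/logo.png client=10.0.0.12
2020-11-09T10:12:07Z INFO pdf-service POST /convert html_len=900 note="version 2.0..." client=10.0.0.12'

# sample_hits: number of sample lines the rule flags (3).
sample_hits() { printf '%s\n' "$SAMPLE_LOG" | count_traversal_hits; }

echo "traversal hits in sample: $(sample_hits)"
printf '%s\n' "$SAMPLE_LOG" | traversal_hits

# Against a live log:
#   tail -F /var/log/pdf-service.log | traversal_hits
```

Decoding happens on the whole line, so a legitimately percent-encoded value elsewhere in the event can in principle produce a match; scope the decode to the request-path field once you know your log format. The ellipsis line shows why the rule requires a slash after the two dots rather than matching ".." alone.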

🔗 References

  • https://nvd.nist.gov/vuln/detail/CVE-2020-7763
  • https://github.com/pofider/phantom-html-to-pdf/commit/b5d2da2639a49a95e0bdb3bc0c987cb6406b8259
