cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-8902,https://securityvulnerability.io/vulnerability/CVE-2020-8902,SSRF in Rendertron,"Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.",Google,Rendertron,3.5,LOW,0.000539999979082495,false,false,false,false,,false,false,2021-02-23T12:00:16.000Z,0
CVE-2017-18354,https://securityvulnerability.io/vulnerability/CVE-2017-18354,,Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.,Google,Rendertron,7.5,HIGH,0.003930000122636557,false,false,false,false,,false,false,2018-12-17T06:00:00.000Z,0
CVE-2017-18355,https://securityvulnerability.io/vulnerability/CVE-2017-18355,,"Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the ""_where"" attribute of package.json files.",Google,Rendertron,7.5,HIGH,0.005950000137090683,false,false,false,false,,false,false,2018-12-17T06:00:00.000Z,0
CVE-2017-18352,https://securityvulnerability.io/vulnerability/CVE-2017-18352,,Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.,Google,Rendertron,6.1,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2018-12-17T06:00:00.000Z,0
CVE-2017-18353,https://securityvulnerability.io/vulnerability/CVE-2017-18353,,Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.,Google,Rendertron,7.5,HIGH,0.003800000064074993,false,false,false,false,,false,false,2018-12-17T06:00:00.000Z,0