CVE-2020-7739: Server-Side Request Forgery (SSRF)

October 6, 2020 (updated October 22, 2020)

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.

References

nvd.nist.gov/vuln/detail/CVE-2020-7739

Detect and mitigate CVE-2020-7739 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →