
OP-Engineering/link-preview-js
Releases: 35
Frequency: 3 months 1 week
Last Release
Stars: 893
⛓ Extract web links information: title, description, images, videos, etc. [via OpenGraph], runs on mobiles and node.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | — | — | Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved to an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1. |
| | | 6.2 MEDIUM | 2.1 LOW | Versions of the package link-preview-js before 2.1.16 are vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. |