PDF Exports: Hidden SSRF Risk In the realm of cybersecurity, understanding vulnerabilities is paramount to safeguarding sensitive data and maintaining the integrity of systems. One such vulnerability that often lurks in the shadows is SSRF, or Server Side Request Forgery. While SSRF vulnerabilities have been extensively discussed in various contexts, today, we're going to delve into a unique perspective – exploring SSRF vulnerabilities through the lens of HTML to PDF exports.

Our healthcare client faced a security threat through PDF generation on their platform. We discovered a flaw that allowed harmful code to be included in PDFs, enabling us to access internal server files and services as well as obtaining AWS credentials. Taking proactive steps is vital to protect healthcare systems from such vulnerabilities.