CVE-2024-37169

@jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

CVSS v3.1 5.3 (Medium)
EPSS 0.04 % (18th)
Advisories 1

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to use the http or https protocol. No known workarounds are available aside from upgrading.
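The kind of check the 2.0.3 fix describes, as an added example (not the project's own code): a scheme allowlist applied to the parsed URL before it is handed to the browser. The function names parseScreenshotTarget and isAllowedTarget and the sample inputs are assumptions made for illustration.

```javascript
// Added example: allow only absolute http(s) URLs as screenshot targets.
// Helper names are hypothetical; they are not part of @jmondi/url-to-png.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns the normalized URL string, or throws if the input is rejected.
function parseScreenshotTarget(input) {
  if (typeof input !== "string" || input.length === 0) {
    throw new TypeError("url must be a non-empty string");
  }
  let parsed;
  try {
    // No base URL is supplied, so bare paths and scheme-less hosts fail here.
    parsed = new URL(input);
  } catch {
    throw new TypeError("url is not a valid absolute URL");
  }
  // The WHATWG parser lowercases the scheme and strips surrounding spaces and
  // embedded tabs/newlines, so the decision is made on parsed.protocol and
  // never on a prefix of the raw string.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    throw new RangeError(`protocol ${parsed.protocol} is not allowed`);
  }
  return parsed.href;
}

// Boolean form for request validation middleware.
function isAllowedTarget(input) {
  try {
    parseScreenshotTarget(input);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  "https://example.com/page",
  "HTTP://example.com",
  "file:///tmp/example.txt",
  "  FILE:///tmp/example.txt",
  "fi\tle:///tmp/example.txt",
  "view-source:https://example.com",
  "example.com/page",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", isAllowedTarget(s) ? "allow" : "reject");
}
```

Pass the returned href, not the raw input, to the screenshot call so that the value validated is the value navigated to.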

Base Severity Medium
Base Score 5.3
Impact Score 1.4
Exploitability Score 3.9
Metrics
Attack Vector (AV) Network
Attack Complexity (AC) Low
Privileges Required (PR) None
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality (C) Low
Integrity (I) None
Availability (A) None

Weaknesses

# ID Name
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OWASP

# ID Name
A01:2021 Broken Access Control

CAPEC - Common Attack Pattern Enumeration and Classification

# ID Name Weakness
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic CWE-22
CAPEC-76 Manipulating Web Input to File System Calls CWE-22
CAPEC-78 Using Escaped Slashes in Alternate Encoding CWE-22
CAPEC-79 Using Slashes in Alternate Encoding CWE-22
CAPEC-126 Path Traversal CWE-22
CVE Status PUBLISHED
NVD Status Awaiting Analysis
CNA GitHub, Inc.
Published Date 2024-06-10 22:15:12 (7 months ago)
Updated Date 2024-11-21 09:23:21 (2 months ago)