CVE-2024-37169
@jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
CVSS v3.1
5.3 (Medium)
EPSS
0.04 % (18th)
Advisories
1
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. No known workarounds are available aside from upgrading.
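The protocol restriction described above can be sketched as a scheme allow-list applied before a URL is handed to the browser. This is an added example, not code from @jmondi/url-to-png; `validateCaptureUrl`, `ALLOWED_PROTOCOLS`, `rejectedInputs` and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added illustration of an http/https allow-list; not the project's own code.
// All names here are hypothetical.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function validateCaptureUrl(input) {
  if (typeof input !== "string" || input.trim() === "") {
    return { ok: false, reason: "empty or non-string input" };
  }
  let parsed;
  try {
    // The WHATWG URL parser lowercases the scheme and strips surrounding
    // whitespace and embedded tabs/newlines, so the check below sees the
    // same scheme a browser would resolve.
    parsed = new URL(input);
  } catch {
    // No base URL is supplied, so relative or scheme-less input is rejected.
    return { ok: false, reason: "not an absolute URL" };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `protocol ${parsed.protocol} not allowed` };
  }
  // Return the normalized form so the value that was checked is the value
  // that gets navigated to, not the raw request string.
  return { ok: true, url: parsed.href };
}

// Returns the inputs from a list that fail validation, with the reason.
function rejectedInputs(inputs) {
  return inputs
    .map((input) => ({ input, result: validateCaptureUrl(input) }))
    .filter(({ result }) => !result.ok)
    .map(({ input, result }) => ({ input, reason: result.reason }));
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  "https://example.com/page",
  "HTTP://Example.COM",
  "file:///etc/hostname",
  "FILE:///etc/hostname",
  " fi\tle:///etc/hostname",
  "view-source:file:///etc/hostname",
  "data:text/html,<h1>x</h1>",
  "example.com/page",
];

for (const { input, reason } of rejectedInputs(SAMPLES)) {
  console.log(`rejected ${JSON.stringify(input)}: ${reason}`);
}
```

Comparing the parsed `protocol` rather than matching a prefix of the raw string is what makes the mixed-case and whitespace-padded variants fail the same way as the plain `file:` input.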
- Base Severity
- Medium
- Base Score
-
- Impact Score
-
- Exploitability Score
-
Metrics
Attack Vector (AV) | Network |
---|---|
Attack Complexity (AC) | Low |
Privileges Required (PR) | None |
User Interaction (UI) | None |
Scope (S) | Unchanged |
Confidentiality (C) | Low |
Integrity (I) | None |
Availability (A) | None |
# ID | Name |
---|---|
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
# ID | Name | Weakness |
---|---|---|
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | CWE-22 |
CAPEC-76 | Manipulating Web Input to File System Calls | CWE-22 |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding | CWE-22 |
CAPEC-79 | Using Slashes in Alternate Encoding | CWE-22 |
CAPEC-126 | Path Traversal | CWE-22 |
References
Awaiting Analysis
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- GitHub, Inc.
- Published Date
- 2024-06-10 22:15:12 (7 months ago)
- Updated Date
- 2024-11-21 09:23:21 (2 months ago)