Lucene search

[email protected]CVE-2024-37169

HistoryJun 10, 2024 - 10:15 p.m.

CVE-2024-37169

2024-06-1022:15:12

CWE-22

[email protected]

web.nvd.nist.gov

jmondi url-to-png exploit mitigation protocol-http-httpsupgrade.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright’s screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. No known workarounds are available aside from upgrading.

Affected configurations

Vulners

Node

jasonraimondiurl_to_pngRange<2.0.3

CNA Affected

[
  {
    "vendor": "jasonraimondi",
    "product": "url-to-png",
    "versions": [
      {
        "version": "< 2.0.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7

github.com/jasonraimondi/url-to-png/issues/47

github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3

github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3

github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2024-37169

cvelist1 github1 osv2 nvd1