Lucene search

GitHub_MCVELIST:CVE-2024-37169

HistoryJun 10, 2024 - 9:35 p.m.

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

2024-06-1021:35:38

CWE-22

GitHub_M

www.cve.org

cve-2024-37169

@jmondi/url-to-png

arbitrary file read

playwright's

screenshot feature

file wrapper

vulnerability

protocol http

protocol https

upgrade

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

15.5%

JSON

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright’s screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. No known workarounds are available aside from upgrading.

CNA Affected

[
  {
    "vendor": "jasonraimondi",
    "product": "url-to-png",
    "versions": [
      {
        "version": "< 2.0.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7

github.com/jasonraimondi/url-to-png/issues/47

github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3

github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3

github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

15.5%

JSON

Related for CVELIST:CVE-2024-37169