Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

Recommendation

Upgrade to version 1.13.0 or later.

References

GitHub Issue
Snyk Report
CVE-2019-5786 Analysis by Exodus Intelligence
GitHub Advisory

CPENameOperatorVersion
puppeteerlt1.13.0

CPE	Name	Operator	Version
	puppeteer	lt	1.13.0

suse 1

redhatcve 1

chrome 3

ubuntucve 1

nessus 8

osv 2

myhack58 2

thn 2

prion 1

cve0day 1

cve 1

metasploit 1

alpinelinux 1

openvas 6

debiancve 1

zdt 1

malwarebytes 1

attackerkb 2

veracode 1

github 1

redhat 1

kaspersky 2

checkpoint_advisories 1

debian 2

archlinux 1

cisa_kev 1

packetstorm 1

exploitdb 1

krebs 1

fireeye 1

threatpost 2

securelist 1

googleprojectzero 1

gentoo 1

fedora 2

suse

Security update for chromium (important)

2019-03-08 00:00:00

redhatcve

CVE-2019-5786

2019-03-04 14:49:48

chrome

Stable Channel Update for Chrome OS

2019-03-05 00:00:00

Chrome for Android Update

2019-03-01 00:00:00

Stable Channel Update for Desktop

2019-03-01 00:00:00

ubuntucve

CVE-2019-5786

2019-06-27 00:00:00

nessus

openSUSE Security Update : chromium (openSUSE-2019-298)

2019-03-08 00:00:00

Debian DSA-4404-1 : chromium - security update

2019-03-11 00:00:00

RHEL 6 : chromium-browser (RHSA-2019:0481)

2019-03-12 00:00:00

osv

chromium - security update

2019-03-09 00:00:00

Use-After-Free in puppeteer

2020-09-02 18:25:43

myhack58

CVE-2019-5786: chrome in the wild exploit 0day vulnerability alerts-a vulnerability alert-the black bar safety net

2019-03-06 00:00:00

By 2019, 3-month Microsoft patch day multiple vulnerabilities early warning-vulnerability warning-the black bar safety net

2019-03-17 00:00:00

thn

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild

2019-03-06 09:52:00

Microsoft Releases Patches for 64 Flaws — Two Under Active Attack

2019-03-12 18:15:00

prion

Design/Logic Flaw

2019-06-27 17:15:00

cve0day

Google Chrome CVE-2019-5786 Arbitrary Code Execution

2019-03-04 13:13:08

cve

CVE-2019-5786

2019-06-27 17:15:00

metasploit

Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86

2019-05-06 09:05:00

alpinelinux

CVE-2019-5786

2019-06-27 17:15:00

openvas

Debian: Security Advisory (DSA-4404-1)

2019-03-08 00:00:00

Google Chrome Security Updates (stable-channel-update-for-desktop-2019-03) - Windows

2019-03-05 00:00:00

openSUSE: Security Advisory for chromium (openSUSE-SU-2019:0298-1)

2019-04-03 00:00:00

debiancve

CVE-2019-5786

2019-06-27 17:15:00

zdt

Chrome 72.0.3626.119 FileReader Use-After-Free Exploit

2019-05-08 00:00:00

malwarebytes

Google Chrome zero-day: Now is the time to update and restart your browser

2019-03-08 19:13:15

attackerkb

Google Chrome CVE-2019-5786 FileReader Use-After-Free Vulnerability

2019-06-27 00:00:00

CVE-2019-5786

2019-10-30 00:00:00

veracode

Denial Of Service (DoS)

2020-12-06 03:06:29

github

Use-After-Free in puppeteer

2020-09-02 18:25:43

redhat

(RHSA-2019:0481) Important: chromium-browser security update

2019-03-11 20:57:08

kaspersky

KLA11430 ACE vulnerability in Google Chrome

2019-03-01 00:00:00

KLA11436 Multiple vulnerabilities in Google Chrome

2019-03-12 00:00:00

checkpoint_advisories

Google Chrome FileReader API Use After Free (CVE-2019-5786)

2019-03-21 00:00:00

debian

[SECURITY] [DSA 4404-1] chromium security update

2019-03-10 04:14:35

[SECURITY] [DSA 4404-1] chromium security update

2019-03-10 04:14:35

archlinux

[ASA-201903-1] chromium: arbitrary code execution

2019-03-02 00:00:00

cisa_kev

Google Chrome Blink Use-After-Free Vulnerability

2022-05-23 00:00:00

packetstorm

Chrome 72.0.3626.119 FileReader Use-After-Free

2019-05-08 00:00:00

exploitdb

Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)

2019-05-08 00:00:00

krebs

Patch Tuesday, March 2019 Edition

2019-03-13 04:55:28

fireeye

Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities — Intelligence for Vulnerability Management, Part Three

2020-04-20 12:00:00

threatpost

Nation-State Attacks Drop in Latest Google Analysis

2020-03-30 20:53:22

Microsoft Patches Two Win32k Bugs Under Active Attack

2019-03-12 21:52:31

securelist

IT threat evolution Q1 2019. Statistics

2019-05-23 10:00:53

googleprojectzero

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019

2020-07-29 00:00:00

gentoo

Chromium: Multiple vulnerabilities

2019-03-28 00:00:00

fedora

[SECURITY] Fedora 30 Update: chromium-73.0.3683.75-2.fc30

2019-03-29 19:41:48

[SECURITY] Fedora 29 Update: chromium-73.0.3683.75-2.fc29

2019-03-25 06:10:55

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for NODEJS:824