Lucene search
GoogleOSV:GHSA-X43G-GJ9X-838XHistoryMay 24, 2022 - 10:01 p.m.
PhantomJS Arbitrary File Read
2022-05-2422:01:03
Google
osv.dev
12
phantomjs
arbitrary file read
vulnerability
page.open()
xmlhttprequest
filesystem
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.
Related
debiancve
debiancve
CVE-2019-17221
2019-11-05 14:15:13
ubuntucve
ubuntucve
CVE-2019-17221
2019-11-05 00:00:00
veracode
veracode
Arbitrary File Read
2021-07-12 07:16:37
github
github
PhantomJS Arbitrary File Read
2022-05-24 22:01:03
osv
osv
CVE-2019-17221
2019-11-05 14:15:13
prion
prion
Design/Logic Flaw
2019-11-05 14:15:00
nessus
nessus
Adobe InDesign < 17.4 Arbitrary File Read Vulnerability (APSB22-50)
2022-09-15 00:00:00
Adobe InDesign < 17.4.1 / 18.0 < 18.1.0 Multiple Vulnerabilities (APSB23-07) (macOS)
2023-01-11 00:00:00
Adobe InDesign < 17.4.1 / 18.0 < 18.1.0 Multiple Vulnerabilities (APSB23-07)
2023-01-11 00:00:00
cve
cve
CVE-2019-17221
2019-11-05 14:15:13
cvelist
cvelist
CVE-2019-17221
2019-11-05 13:10:45
nvd
nvd
CVE-2019-17221
2019-11-05 14:15:13
adobe
adobe
APSB23-07 : Security update available for Adobe InDesign
2023-01-10 00:00:00
APSB22-50 : Security updates available for Adobe InDesign
2022-09-13 00:00:00