4 matches found
CVE-2024-1647
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
wombatoo (=1.0.0) potentially affected by CVE-2024-1647 via pyhtml2pdf (=0.0.6)
pyhtml2pdf PYPI version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on pyhtml2pdf and may be impacted: - wombatoo =1.0.0 Source cves: CVE-2024-1647 Source advisory: OSV:PYSEC-2024-301...
CVE-2024-1647
CVE-2024-1647 affects Pyhtml2pdf 0.0.6. The vulnerability arises from not validating user-provided HTML content, allowing an external attacker to remotely read arbitrary local files via a server-side XSS path. Impact is described as local file access with high confidentiality impact; CVSS: NETWOR...
CVE-2024-1647 pyhtml2pdf 0.0.6 - Local File Read via Server Side XSS
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...