8 matches found
GHSA-WPC6-37G7-8Q4W OpenClaw: Shell init-file options could satisfy exec allowlist script matching
Summary Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even...
CVE-2024-37169
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...
CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...
CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...
CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...
URL to PNG Security Vulnerability
URL to PNG is an application by Jason Raimondi Personal Developer. A security vulnerability exists in URL to PNG prior to version 2.0.3, which originates from the ability to read arbitrary files via a file wrapper via Playwright's screenshot feature...
GHSA-665W-MWRR-77Q3 Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Impact All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47 Patches v2.0.3 requires input url to be of protocol http or https Workarounds Requires upgrade. References - https://github.com/jasonraimondi/url-to-png/issues/47 -...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...