CVE-2024-37169
CVE-2024-37169 affects the self-hosted tool @jmondi/url-to-png. Versions before 2.0.3 are vulnerable to arbitrary file read when an attacker leverages Playwright’s screenshot feature to abuse the file wrapper. The issue is mitigated in version 2.0.3, which requires input URLs to use the http or https scheme. Th...
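The kind of check the 2.0.3 mitigation describes, as an added example (not the project's own code): an allow-list applied to the parsed URL scheme before the URL is handed to the browser. The function name `validateTargetUrl` and the sample inputs are constructed for illustration.

```javascript
// Added example: scheme allow-list for a screenshot service's URL parameter.
// validateTargetUrl and SAMPLE_INPUTS are constructed, not taken from url-to-png.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function validateTargetUrl(input) {
  if (typeof input !== "string" || input.length === 0) {
    return { ok: false, reason: "missing url" };
  }
  let parsed;
  try {
    // The WHATWG parser lower-cases the scheme, trims surrounding whitespace
    // and drops embedded tabs/newlines, so the decision is made on the parsed
    // protocol rather than on a raw string prefix.
    parsed = new URL(input);
  } catch {
    return { ok: false, reason: "not an absolute url" };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  // Return the normalized form so later code uses exactly what was checked.
  return { ok: true, url: parsed.href };
}

// Constructed inputs: two legitimate targets, then values a naive
// "starts with file://" deny-list would let through.
const SAMPLE_INPUTS = [
  "https://example.com/page",
  "HTTP://Example.COM",
  "file:///etc/passwd",
  "FILE:///etc/passwd",
  "  file:///etc/passwd",
  "fi\tle:///etc/passwd",
  "view-source:file:///etc/passwd",
  "/etc/passwd",
];

function rejectedSamples() {
  return SAMPLE_INPUTS.filter((s) => !validateTargetUrl(s).ok);
}

for (const s of SAMPLE_INPUTS) {
  console.log(JSON.stringify(s), validateTargetUrl(s));
}
```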