Veracode Vulnerability Database, VERACODE:45823
Mar 11, 2024 - 5:53 a.m.

Path Traversal

2024-03-11 05:53:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: weasyprint, path traversal, vulnerability, url_fetcher, improper validation, pdf documents, unauthorized access, sensitive information

CVSS3: 7.4 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.8%)

WeasyPrint is vulnerable to Path Traversal. The vulnerability is due to improper validation in the url_fetcher function, which fails to restrict the inclusion of arbitrary local files and URLs in the generated PDF documents. This flaw allows an attacker to include or traverse to files and directories outside the intended scope, potentially leading to unauthorized access or disclosure of sensitive information.
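
For applications that render untrusted HTML, one mitigation is to pass WeasyPrint a restrictive fetcher through its `url_fetcher=` parameter. The following is an added example, not code from WeasyPrint or from this advisory; `check_url`, `safe_url_fetcher`, `BlockedURL`, `ASSET_ROOT` and `ALLOWED_HOSTS` are hypothetical names with constructed values, while `default_url_fetcher` is WeasyPrint's own stock fetcher.

```python
import os
from pathlib import Path
from urllib.parse import unquote, urlsplit

ASSET_ROOT = "/srv/pdf-assets"               # constructed example directory
ALLOWED_HOSTS = {"assets.example.internal"}  # constructed example host


class BlockedURL(ValueError):
    """Raised when a resource URL falls outside the rendering policy."""


def check_url(url, asset_root=ASSET_ROOT, allowed_hosts=ALLOWED_HOSTS):
    """Return a URL that is safe to fetch, or raise BlockedURL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "data":
        return url  # content is embedded in the URL itself, nothing is read
    if scheme == "https":
        if parts.hostname not in allowed_hosts:
            raise BlockedURL(f"host not allow-listed: {parts.hostname!r}")
        return url
    if scheme == "file":
        if parts.netloc not in ("", "localhost"):
            raise BlockedURL(f"remote file host: {parts.netloc!r}")
        # Decode %2e%2e etc., then resolve '..' and symlinks before comparing.
        path = os.path.realpath(unquote(parts.path))
        root = os.path.realpath(asset_root)
        if os.path.commonpath([path, root]) != root:
            raise BlockedURL(f"path escapes asset root: {path!r}")
        return Path(path).as_uri()
    raise BlockedURL(f"scheme not allowed: {scheme!r}")


def safe_url_fetcher(url, delegate=None):
    """Policy wrapper to pass as url_fetcher= when building weasyprint.HTML."""
    checked = check_url(url)
    if delegate is None:
        # WeasyPrint's stock fetcher; imported lazily so the policy is testable alone.
        from weasyprint import default_url_fetcher as delegate
    return delegate(checked)
```

The host check applies only to the URL as requested; redirects followed by the underlying fetcher are not re-checked by this wrapper.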
