Information Disclosure

2024-07-1606:11:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

information disclosure

url-to-png

screenshots

sensitive information

web services

security vulnerability

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.1

Confidence

High

JSON

@jmondi/url-to-png is vulnerable to Information Disclosure. The vulnerability is caused due to a lack of a blocklist mechanism to restrict which URLs can be captured as screenshots. This allows an attacker to potentially capture screenshots of sensitive information from local web services.