GitHub_MVULNRICHMENT:CVE-2024-37169CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright’s screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. No known workarounds are available aside from upgrading.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:*"
],
"vendor": "jasonraimondi",
"product": "url-to-png",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.0.3",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]References
github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7
github.com/jasonraimondi/url-to-png/issues/47
github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3
github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3
github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial