Search criteria
6 vulnerabilities found for url-to-png by jasonraimondi
CVE-2024-39919 (GCVE-0-2024-39919)
Vulnerability from nvd – Published: 2024-07-15 19:53 – Updated: 2024-08-02 04:33
VLAI?
Title
Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png
Summary
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.1.1
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:48:45.788439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:50:26.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:53:23.192Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c"
}
],
"source": {
"advisory": "GHSA-342q-2mc2-5gmp",
"discovery": "UNKNOWN"
},
"title": "Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39919",
"datePublished": "2024-07-15T19:53:23.192Z",
"dateReserved": "2024-07-02T19:37:18.603Z",
"dateUpdated": "2024-08-02T04:33:11.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39918 (GCVE-0-2024-39918)
Vulnerability from nvd – Published: 2024-07-15 19:53 – Updated: 2024-08-02 04:33
VLAI?
Title
Path Traveral in @jmondi/url-to-png
Summary
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/blob/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.1.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:51:36.893384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:58:11.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:53:20.491Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75"
}
],
"source": {
"advisory": "GHSA-vvmv-wrvp-9gjr",
"discovery": "UNKNOWN"
},
"title": "Path Traveral in @jmondi/url-to-png"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39918",
"datePublished": "2024-07-15T19:53:20.491Z",
"dateReserved": "2024-07-02T19:37:18.603Z",
"dateUpdated": "2024-08-02T04:33:11.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37169 (GCVE-0-2024-37169)
Vulnerability from nvd – Published: 2024-06-10 21:35 – Updated: 2024-08-02 03:50
VLAI?
Title
@jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Summary
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading.
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/issues/47 | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/relea… | x_refsource_MISC |
| https://github.com/user-attachments/files/1553633… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.0.3
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:56:01.581318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:18:33.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/issues/47",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/issues/47"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3"
},
{
"name": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright\u0027s screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:35:38.198Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/issues/47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/issues/47"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3"
},
{
"name": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf"
}
],
"source": {
"advisory": "GHSA-665w-mwrr-77q3",
"discovery": "UNKNOWN"
},
"title": "@jmondi/url-to-png arbitrary file read via Playwright\u0027s screenshot feature exploiting file wrapper"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37169",
"datePublished": "2024-06-10T21:35:38.198Z",
"dateReserved": "2024-06-03T17:29:38.331Z",
"dateUpdated": "2024-08-02T03:50:55.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39919 (GCVE-0-2024-39919)
Vulnerability from cvelistv5 – Published: 2024-07-15 19:53 – Updated: 2024-08-02 04:33
VLAI?
Title
Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png
Summary
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.1.1
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:48:45.788439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:50:26.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:53:23.192Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c"
}
],
"source": {
"advisory": "GHSA-342q-2mc2-5gmp",
"discovery": "UNKNOWN"
},
"title": "Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39919",
"datePublished": "2024-07-15T19:53:23.192Z",
"dateReserved": "2024-07-02T19:37:18.603Z",
"dateUpdated": "2024-08-02T04:33:11.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39918 (GCVE-0-2024-39918)
Vulnerability from cvelistv5 – Published: 2024-07-15 19:53 – Updated: 2024-08-02 04:33
VLAI?
Title
Path Traveral in @jmondi/url-to-png
Summary
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/blob/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.1.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:51:36.893384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:58:11.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:53:20.491Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75"
}
],
"source": {
"advisory": "GHSA-vvmv-wrvp-9gjr",
"discovery": "UNKNOWN"
},
"title": "Path Traveral in @jmondi/url-to-png"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39918",
"datePublished": "2024-07-15T19:53:20.491Z",
"dateReserved": "2024-07-02T19:37:18.603Z",
"dateUpdated": "2024-08-02T04:33:11.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37169 (GCVE-0-2024-37169)
Vulnerability from cvelistv5 – Published: 2024-06-10 21:35 – Updated: 2024-08-02 03:50
VLAI?
Title
@jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Summary
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading.
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/issues/47 | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/relea… | x_refsource_MISC |
| https://github.com/user-attachments/files/1553633… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.0.3
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:56:01.581318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:18:33.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/issues/47",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/issues/47"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3"
},
{
"name": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright\u0027s screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:35:38.198Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/issues/47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/issues/47"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3"
},
{
"name": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf"
}
],
"source": {
"advisory": "GHSA-665w-mwrr-77q3",
"discovery": "UNKNOWN"
},
"title": "@jmondi/url-to-png arbitrary file read via Playwright\u0027s screenshot feature exploiting file wrapper"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37169",
"datePublished": "2024-06-10T21:35:38.198Z",
"dateReserved": "2024-06-03T17:29:38.331Z",
"dateUpdated": "2024-08-02T03:50:55.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}