exploitDog

CVE-2024-1647

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain

arbitrary local files. This is possible because the application does not

validate the HTML content entered by the user.

Ссылки

https://fluidattacks.com/advisories/oliver/
Exploit
Third Party Advisory
https://pypi.org/project/pyhtml2pdf/
Product
https://fluidattacks.com/advisories/oliver/
Exploit
Third Party Advisory
https://pypi.org/project/pyhtml2pdf/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kumaf:pyhtml2pdf:0.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00183

Низкий

7.5 High

CVSS3

Дефекты

CWE-79

NVD-CWE-noinfo

Связанные уязвимости

GHSA-p3rv-qj56-2fqx

CVSS3: 7.5

github

почти 2 года назад

Cross-site Scripting in Pyhtml2pdf

EPSS

Процентиль: 40%

0.00183

Низкий

7.5 High

CVSS3

Дефекты

CWE-79

NVD-CWE-noinfo