Количество 2
Количество 2
CVE-2024-37169
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading.
GHSA-665w-mwrr-77q3
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-37169 @jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| GHSA-665w-mwrr-77q3 Arbitrary file read via Playwright's screenshot feature exploiting file wrapper | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу