Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by jasonraimondi
CVE-2024-39919 (GCVE-0-2024-39919)
Vulnerability from cvelistv5 – Published: 2024-07-15 19:53 – Updated: 2024-08-02 04:33
VLAI
Title
Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png
Summary
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.1.1
|
|
| jasonraimondi | url-to-png |
Affected:
2.1.1
cpe:2.3:a:jasonraimondi:url-to-png:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:48:45.788439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:50:26.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:53:23.192Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c"
}
],
"source": {
"advisory": "GHSA-342q-2mc2-5gmp",
"discovery": "UNKNOWN"
},
"title": "Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39919",
"datePublished": "2024-07-15T19:53:23.192Z",
"dateReserved": "2024-07-02T19:37:18.603Z",
"dateUpdated": "2024-08-02T04:33:11.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39918 (GCVE-0-2024-39918)
Vulnerability from cvelistv5 – Published: 2024-07-15 19:53 – Updated: 2024-08-02 04:33
VLAI
Title
Path Traveral in @jmondi/url-to-png
Summary
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/blob/… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.1.2
|
|
| jasonraimondi | url-to-png |
Affected:
0 , < 2.1.2
(custom)
cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:51:36.893384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:58:11.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:53:20.491Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75"
}
],
"source": {
"advisory": "GHSA-vvmv-wrvp-9gjr",
"discovery": "UNKNOWN"
},
"title": "Path Traveral in @jmondi/url-to-png"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39918",
"datePublished": "2024-07-15T19:53:20.491Z",
"dateReserved": "2024-07-02T19:37:18.603Z",
"dateUpdated": "2024-08-02T04:33:11.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37169 (GCVE-0-2024-37169)
Vulnerability from cvelistv5 – Published: 2024-06-10 21:35 – Updated: 2024-08-02 03:50
VLAI
Title
@jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Summary
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/jasonraimondi/url-to-png/secur… | x_refsource_CONFIRM |
| https://github.com/jasonraimondi/url-to-png/issues/47 | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/commi… | x_refsource_MISC |
| https://github.com/jasonraimondi/url-to-png/relea… | x_refsource_MISC |
| https://github.com/user-attachments/files/1553633… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| jasonraimondi | url-to-png |
Affected:
< 2.0.3
|
|
| jasonraimondi | url-to-png |
Affected:
0 , < 2.0.3
(custom)
cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jasonraimondi:url-to-png:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:56:01.581318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:18:33.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/issues/47",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/issues/47"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3"
},
{
"name": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "url-to-png",
"vendor": "jasonraimondi",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright\u0027s screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:35:38.198Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-665w-mwrr-77q3"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/issues/47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/issues/47"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/commit/9336020c5e603323f5cf4a2ac3bb9a7735cf61f7"
},
{
"name": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3"
},
{
"name": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf"
}
],
"source": {
"advisory": "GHSA-665w-mwrr-77q3",
"discovery": "UNKNOWN"
},
"title": "@jmondi/url-to-png arbitrary file read via Playwright\u0027s screenshot feature exploiting file wrapper"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37169",
"datePublished": "2024-06-10T21:35:38.198Z",
"dateReserved": "2024-06-03T17:29:38.331Z",
"dateUpdated": "2024-08-02T03:50:55.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}