Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Vulnerability Description
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
URL to PNG 安全漏洞
Vulnerability Description
URL to PNG是Jason Raimondi个人开发者的一个应用程序。 URL to PNG 2.0.3 之前版本存在安全漏洞,该漏洞源于可以通过文件包装器通过 Playwright 的屏幕截图功能读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A