Vulnerability Information
Vulnerability Title
Path Traversal in @jmondi/url-to-png
Vulnerability Description
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
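The class of bug described above, shown as an added example that is not code from @jmondi/url-to-png: an identifier joined into a storage path unchecked, next to a form that validates it and confirms the result stays inside the cache directory. The function names, the cache directory and the allowed ID format are assumptions made for illustration.

```javascript
// Added illustration; not the project's own code.
const path = require("node:path");

// Hypothetical cache root used for local image storage.
const CACHE_DIR = path.resolve("/var/cache/url-to-png");

// True when `candidate` is a path strictly below `baseDir`.
function isInside(baseDir, candidate) {
  const rel = path.relative(baseDir, candidate);
  return rel !== "" && rel !== ".." &&
    !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Unsafe pattern: the identifier goes into the path as received, so
// dot-dot segments in it decide where the file is written.
function unsafeImagePath(imageId) {
  return path.join(CACHE_DIR, `${imageId}.png`);
}

// Assumed ID format: a short token with no separators or dots.
const SAFE_ID = /^[A-Za-z0-9_-]{1,128}$/;

// Hardened pattern: allowlist the identifier first, then verify the
// resolved path is still inside the cache directory before using it.
function safeImagePath(imageId) {
  if (typeof imageId !== "string" || !SAFE_ID.test(imageId)) {
    throw new Error("invalid image id");
  }
  const target = path.resolve(CACHE_DIR, `${imageId}.png`);
  if (!isInside(CACHE_DIR, target)) {
    throw new Error("image path escapes cache directory");
  }
  return target;
}

// Constructed sample identifiers: report how each one is handled.
function classify(imageId) {
  const naive = unsafeImagePath(imageId);
  let hardened;
  try {
    hardened = safeImagePath(imageId);
  } catch (err) {
    hardened = `rejected: ${err.message}`;
  }
  return { naiveStaysInside: isInside(CACHE_DIR, naive), hardened };
}

console.log(classify("a1b2c3"), classify("../../tmp/x"));
```

The containment check is kept even though the allowlist already rejects separators, so a later loosening of the ID format does not silently reopen the problem.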
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
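URL to PNG security vulnerability
Vulnerability Description
URL to PNG is an application by the individual developer Jason Raimondi. Versions of URL to PNG before 2.1.2 contain a security vulnerability that stems from the ImageId input in the code not being sanitized, which may lead to path traversal.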
CVSS Information
N/A
Vulnerability Type
N/A