CVE-2024-36527
Published 2024-06-17
Priority: P3 / 43
Severity: medium, CVSS 3.1 score 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.56% (83.1th percentile)
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
Detection & IOCs
- path: `/html?url=file:///etc/passwd`
- other: `file:///etc/passwd`
- regex: `root:.*:0:0:`
- Send a GET request to the /html endpoint with the `url` parameter set to `file:///etc/passwd`. A vulnerable server will return the contents of /etc/passwd in the response body.
- Match the HTTP response body for the regex pattern `root:.*:0:0:` to confirm successful directory traversal and file read.
- Confirm exploitation by also checking for HTTP 200 status code alongside the passwd file content match.
- The vulnerable endpoint is `/html` and the attack vector is the `url` query parameter being supplied with the `file://` protocol scheme to read local files.
- The vulnerability affects puppeteer-renderer v3.2.0 and all prior versions. Version 3.3.0 and later are patched.
- The detection template targets Linux-based servers (reads /etc/passwd). Detection on Windows hosts would require a different file path payload.
- Remediation requires restricting the `url` parameter to only `http` and `https` protocols in addition to upgrading to v3.3.0+.
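The scheme restriction named in the remediation item above, as an added example (not puppeteer-renderer's own code and not its actual patch). The helper name `checkRenderUrl` and the sample values are assumptions constructed for illustration.

```javascript
// Added example, not puppeteer-renderer's code. checkRenderUrl is a
// hypothetical helper; the sample inputs below are constructed.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Validate the value of the `url` query parameter before it is handed to
// the headless browser. Returns { ok: true, href } or { ok: false, reason }.
function checkRenderUrl(raw) {
  // Repeated parameters (?url=a&url=b) arrive as arrays in many frameworks,
  // so insist on exactly one non-empty string.
  if (typeof raw !== 'string' || raw.trim() === '') {
    return { ok: false, reason: 'url must be a single non-empty string' };
  }
  let parsed;
  try {
    // WHATWG parsing lowercases the scheme, so the comparison below does
    // not depend on how the caller spelled it. Relative input throws.
    parsed = new URL(raw);
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} is not allowed` };
  }
  // Pass the normalised href onward so the browser loads what was checked.
  return { ok: true, href: parsed.href };
}

// Constructed sample values for the `url` parameter.
const SAMPLES = [
  'https://example.com/report?id=1',
  'file:///etc/passwd',
  'FILE:///etc/passwd',
  'ftp://example.com/file.txt',
  '/etc/passwd',
  ['https://example.com/', 'file:///etc/passwd'],
];

// Run every sample through the check and return the verdicts.
function auditSamples() {
  return SAMPLES.map((value) => ({ value, ...checkRenderUrl(value) }));
}

console.log(auditSamples());
```

An allowlist of schemes is used rather than a blocklist of `file:` so that any other non-web scheme is rejected by default.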
No detection rules found.
Nuclei
CVE-2024-36527 [MEDIUM] Puppeteer Renderer - Directory Traversal
Template:

```yaml
id: CVE-2024-36527

info:
  name: Puppeteer Renderer - Directory Traversal
  author: Stux
  severity: medium
  description: |
    puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
  impact: |
    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially gaining access to sensitive information.
  remediation: |
    Users should update to version 3.3.0 or later where this issue has been addressed. Additionall
```