Description

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-07-15T19:53:23.192Z

Last Modified :

2024-08-02T04:33:11.149Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39919 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39919.

URL Resource
https://github.com/jasonraimondi/url-to-png/commit/f62ff40403ffa1781459d6be8d97b8035888c00c cve-icon cve-icon cve-icon
https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact