CVE-2024-39918 Information
Description
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local S3 or CouchDB. Input of the ImageId in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Reference
https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr
https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr
https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507
https://github.com/jasonraimondi/url-to-png/commit/e4eaeca6493b21cd515b582fd6c0af09ede54507
https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75
https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75
@jmondi/url-to-png
is
an
open
source
URL
to
PNG
utility
featuring
parallel
rendering
using
Playwright
for
screenshots
and
with
storage
caching
via
Local
S3
or
CouchDB.
Input
of
the
ImageId
in
the
code
is
not
sanitized
and
may
lead
to
path
traversal.
This
allows
an
attacker
to
store
an
image
in
an
arbitrary
location
that
the
server
has
permission
to
access.
This
issue
has
been
addressed
in
version
2.1.2
and
all
users
are
advised
to
upgrade.
There
are
no
known
workarounds
for
this
vulnerability.