jasonraimondi / url-to-png

Selfhosted. URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB
https://jasonraimondi.github.io/url-to-png/
MIT License
136 stars, 26 forks

Bug: Arbitrary File Read via Playwright's Screenshot Feature Exploiting File Wrapper #47

Closed timoxoszt closed 1 month ago

timoxoszt commented 1 month ago

Hello @jasonraimondi,

I have a vulnerability report.

Please see the attached PDF for detailed information.

Arbitrary File Read via Playwright's Screenshot Feature Exploiting File Wrapper.pdf

Thanks.

jasonraimondi commented 1 month ago

@timoxoszt This is amazing! Thank you very much for this report. I will get these changes in ASAP 👍

timoxoszt commented 1 month ago

Hello @jasonraimondi,

Would you mind publishing a CVE for this?

jasonraimondi commented 1 month ago

Hey @timoxoszt, not entirely sure how to do that. I don't mind doing it, I'm just not sure what to do. Do you have an example you can point me towards?

timoxoszt commented 1 month ago

Hey @jasonraimondi,

This guide on GitHub walks through publishing a security advisory, which should include publishing a CVE: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory

timoxoszt commented 1 month ago

Hello @jasonraimondi,

I hope you're having a good day. I would like to request an update on the status of this CVE. I noticed that GHSA-665w-mwrr-77q3 was published last week. If you haven't already submitted a CVE Request, please scroll to the bottom of the advisory form and click Request CVE.

Thank you, and I look forward to hearing from you soon.

jasonraimondi commented 1 month ago

@timoxoszt Just clicked that button 👍