pyhtml2pdf 0.0.6 - Local File Read
7.5
High
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
pyhtml2pdf 0.0.6 - Local File Read
Code name
State
Public
Release date
Feb 19, 2024
Affected product
Pyhtml2pdf
Affected version(s)
Version 0.0.6
Vulnerability name
Server Side XSS
Vulnerability type
Remotely exploitable
Yes
CVSS v3.1 vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v3.1 base score
7.5
Exploit available
Yes
CVE ID(s)
Description
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
Vulnerability
This vulnerability occurs because the application does not validate that the HTML content entered by the user is not malicious.
Exploitation
To exploit this vulnerability, we only need to send the following malicious HTML to pyhtml2pdf:
Exploit.html
Thus, when pyhtml2pdf parses the malicious HTML, it will return the local file specified in the generated PDF.
Evidence of exploitation
Our security policy
We have reserved the ID CVE-2024-1647 to refer to this issue from now on.
System Information
Version: Pyhtml2pdf 0.0.6
Operating System: GNU/Linux
Mitigation
There is currently no patch available for this vulnerability.
References
Vendor page https://pypi.org/project/pyhtml2pdf/
Timeline
Vulnerability discovered
Jan 14, 2024
Vendor contacted
Jan 14, 2024
Public disclosure
Feb 19, 2024
