CVE-2024-1647

HIGH

pyhtml2pdf 0.0.6 - Arbitrary Local File Read via Unvalidated HTML Content

Title source: llm

Description

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://fluidattacks.com/advisories/oliver/

Product

https://pypi.org/project/pyhtml2pdf/

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 47.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

kumaf/pyhtml2pdf 0.0.6

pypi/pyhtml2pdf 0PyPI

Published Feb 20, 2024

Tracked Since Feb 18, 2026