CVE-2024-36527

MEDIUM NUCLEI

Puppeteer-Renderer <3.2.0 - Path Traversal

Title source: llm

Description

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.

Exploits (1)

nomisec WORKING POC 1 stars

by bigb0x · poc

https://github.com/bigb0x/CVE-2024-36527

View Code ZIP pw:eip

Nuclei Templates (1)

Puppeteer Renderer - Directory Traversal

MEDIUMVERIFIEDby Stux

References (1)

[Various Sources] https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911

Scores

CVSS v3 6.5

EPSS 0.8911

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Published Jun 17, 2024

Tracked Since Feb 18, 2026