MidnightBSD

Advisories for kumaf

CVE-2024-1647

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
help@fluidattacks.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
kumaf pyhtml2pdf 0.0.6