High severity · NVD Advisory · Published Feb 19, 2024 · Updated Dec 3, 2025
pyhtml2pdf 0.0.6 - Local File Read via Server Side XSS
CVE-2024-1647
Description
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain
arbitrary local files. This is possible because the application does not
validate the HTML content entered by the user.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pyhtml2pdf (PyPI) | <= 0.0.6 | — |
Affected products
- pyhtml2pdf/pyhtml2pdf (v5), Range: 0.0.6
References
- github.com/advisories/GHSA-p3rv-qj56-2fqx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-1647 (ghsa, ADVISORY)
- fluidattacks.com/advisories/oliver (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/pyhtml2pdf/PYSEC-2024-301.yaml (ghsa, WEB)
- pypi.org/project/pyhtml2pdf (ghsa, WEB)
- fluidattacks.com/advisories/oliver/ (mitre)
- pypi.org/project/pyhtml2pdf/ (mitre)