VYPR

npm package

@jmondi/url-to-png

pkg:npm/%40jmondi/url-to-png

Vulnerabilities (3)

  • CVE-2024-39919LowJul 15, 2024
    affected < 2.1.2fixed 2.1.2

    @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to captur

  • CVE-2024-39918MedJul 15, 2024
    affected < 2.1.2fixed 2.1.2

    @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to

  • CVE-2024-37169MedJun 10, 2024
    affected < 2.0.3fixed 2.0.3

    @jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protoco