Playwright · Playwright · CVE-2024-37169
**Name of the Vulnerable Software and Affected Versions**
@jmondi/url-to-png versions prior to 2.0.3
**Description**
The issue allows arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. No known workarounds are available aside from upgrading. Version 2.0.3 mitigates the issue by requiring input URLs to be of protocol `http` or `https`.
**Recommendations**
For versions prior to 2.0.3, upgrade to version 2.0.3 or later, which resolves the issue by requiring input URLs to be of protocol `http` or `https`. As a temporary workaround, consider restricting the use of Playwright's screenshot feature until the upgrade is applied.
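The protocol restriction described above can be sketched as a check that runs before a URL is handed to the browser. This is an added example, not code from @jmondi/url-to-png; `validateScreenshotUrl` and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: allowlist of URL protocols for a screenshot service.
// validateScreenshotUrl is a hypothetical helper, not the project's own code.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function validateScreenshotUrl(input) {
  if (typeof input !== "string" || input.length === 0) {
    return { ok: false, reason: "missing url" };
  }
  let parsed;
  try {
    // The WHATWG parser lowercases the scheme and strips surrounding
    // whitespace and embedded tabs/newlines, so compare the parsed
    // protocol instead of testing a string prefix on the raw input.
    parsed = new URL(input);
  } catch {
    // Relative paths and malformed strings have no scheme to check.
    return { ok: false, reason: "not an absolute url" };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `protocol ${parsed.protocol} not allowed` };
  }
  // Pass the normalized form onward so the checked value is the loaded value.
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  "https://example.com/page",
  "HTTP://Example.com",
  " FILE:///etc/passwd",
  "fi\nle:///etc/passwd",
  "view-source:file:///etc/passwd",
  "data:text/html,<h1>x</h1>",
  "/etc/passwd",
];

for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), validateScreenshotUrl(sample));
}
```

Only the first two samples are accepted; the mixed-case, whitespace-padded and newline-split `file` variants all normalize to `file:` and are rejected.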