CVE-2024-1647

Name of the Vulnerable Software and Affected Versions Pyhtml2pdf version 0.0.6

Description The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

Recommendations For Pyhtml2pdf version 0.0.6, consider validating user-entered HTML content to prevent remote access to local files. As a temporary workaround, restrict the application's ability to access local files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.