PT-2024-27048 · Unknown · Puppeteer-Renderer

Zac Wang · Published 2024-06-17 · Updated 2024-07-03 · CVE-2024-36527

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

puppeteer-renderer versions 3.2.0 and earlier

Description

The issue allows attackers to exploit the URL parameter using the file protocol to read sensitive information from the server. This is achieved through a Directory Traversal attack.

Recommendations

For versions 3.2.0 and earlier, as a temporary workaround, consider restricting access to the URL parameter to minimize the risk of exploitation. Avoid using the file protocol in the URL parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
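
One way to apply the workaround above is to check the URL parameter against a scheme allowlist before it reaches the browser. This is an added example, not puppeteer-renderer code or a fix from the project; the names validateRenderUrl, ALLOWED_PROTOCOLS and checkSamples are hypothetical, the http/https allowlist is an assumption, and the sample inputs are constructed.

```javascript
// Added example: scheme allowlist for a renderer's `url` parameter.
// All names here are hypothetical; the allowlist is an assumption.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function validateRenderUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "url must be a non-empty string" };
  }
  let parsed;
  try {
    // The WHATWG parser lowercases the scheme and strips tabs and newlines,
    // so "FILE:///x" and "fi\tle:///x" both come out as protocol "file:".
    // Compare the parsed protocol, never a prefix of the raw string.
    parsed = new URL(raw);
  } catch {
    // Relative paths such as "/srv/app/config.json" have no scheme at all.
    return { ok: false, reason: "url is not an absolute URL" };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `protocol ${parsed.protocol} is not allowed` };
  }
  // Hand back the normalized form so the renderer loads exactly what was checked.
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs, for illustration only.
const SAMPLES = [
  "https://example.com/page",
  "file:///srv/app/config.json",
  "FILE:///srv/app/config.json",
  "fi\tle:///srv/app/config.json",
  "view-source:file:///srv/app/config.json",
  "/srv/app/config.json",
];

function checkSamples() {
  return SAMPLES.map((s) => ({ input: s, ...validateRenderUrl(s) }));
}

for (const r of checkSamples()) {
  console.log(JSON.stringify(r.input), "=>", r.ok ? r.url : `rejected (${r.reason})`);
}
```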

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-36527

Affected Products

Puppeteer-Renderer