.. / CVE-2024-36527

Exploit for Puppeteer Renderer - Directory Traversal (CVE-2024-36527)

Description:

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.

Nuclei Template

View the template here CVE-2024-36527.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-36527.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-36527
https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911
https://github.com/zenato/puppeteer-renderer/issues/97