CVE-2024-1647

7.5 HIGH

📋 TL;DR

Pyhtml2pdf version 0.0.6 does not validate the HTML it is given before rendering it. The issue is catalogued as cross-site scripting (XSS), but the practical impact is arbitrary local file read: a remote attacker who can supply the HTML can reference local files from it (for example through file:// URLs) and receive their contents in the generated output. Any system that uses the vulnerable package to convert untrusted HTML is affected.

💻 Affected Systems

Products:
  • pyhtml2pdf
Versions: 0.0.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using pyhtml2pdf 0.0.6 to convert HTML to PDF is vulnerable if it processes untrusted HTML input.

📦 What is this software?

pyhtml2pdf is a small Python package that converts an HTML file or URL to PDF by loading it in headless Chrome through Selenium and having the browser print the page. Because a full browser engine renders the input, anything the HTML tells the browser to load (including file:// URLs) is fetched with the privileges of the account running the converter.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of any file readable by the account that runs the converter, including configuration files, credentials and user data.

🟠

Likely Case

Exfiltration of sensitive files from the server where pyhtml2pdf is running, potentially leading to credential theft or data breach.

🟢

If Mitigated

Limited impact with proper input validation and file access restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation only requires getting attacker-controlled HTML to the converter, for example through any feature that builds a PDF from user-supplied content. The input is rendered without validation, so no authentication or user interaction beyond submitting the content is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check if pyhtml2pdf is installed: pip show pyhtml2pdf
2. If version is 0.0.6, uninstall it: pip uninstall pyhtml2pdf
3. Consider alternative PDF generation libraries with proper security controls

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation before the HTML reaches the converter: allow-list the tags and attributes the documents actually need, accept only absolute http(s) URLs in href and src, and drop iframes, objects, scripts and stylesheets outright. A blocklist that matches the literal string "file://" is not enough, because upper-case, percent-encoded, entity-encoded and tab-split spellings are still honoured by the renderer, and a relative path such as ../../etc/passwd is resolved against a file:// base when the document is loaded from a temporary file.
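The following allow-list sanitizer is an added example for this advisory, not pyhtml2pdf's own code. It assumes the application accepts document markup from untrusted clients and only needs headings, paragraphs, lists, tables, links and remote images; the tag and attribute lists, the PdfInputSanitizer class and the sample input are all constructed for the illustration. Rather than searching for "file://", it rebuilds the document from allowed elements only and records every item it strips so the rejection can be logged.

```python
"""Allow-list sanitizer for HTML that is about to be converted to PDF.

Added example for this advisory; it is not pyhtml2pdf's own code. Assumed
setting: the application accepts document markup from untrusted clients and
only needs headings, paragraphs, lists, tables, links and remote images.
Everything that can make a browser-based renderer load another resource
(iframes, objects, scripts, stylesheets, relative or non-http URLs) is
dropped and recorded so the rejection can be logged.
"""
import html
import re
from html.parser import HTMLParser

ALLOWED_TAGS = {
    "html", "head", "title", "body", "p", "div", "span", "br", "hr",
    "h1", "h2", "h3", "h4", "h5", "h6", "ul", "ol", "li", "pre", "code",
    "blockquote", "strong", "em", "b", "i", "u", "a", "img",
    "table", "thead", "tbody", "tr", "th", "td",
}
# Dropped together with everything inside them. Void elements such as
# <link>, <meta>, <base> and <embed> have no content and are simply not allowed.
DROP_WITH_CONTENT = {"script", "style", "iframe", "frameset", "object",
                     "svg", "math", "template", "noscript", "form"}
VOID = {"br", "hr", "img"}
GLOBAL_ATTRS = {"class", "id", "title"}
TAG_ATTRS = {"a": {"href"}, "img": {"src", "alt", "width", "height"},
             "td": {"colspan", "rowspan"}, "th": {"colspan", "rowspan"}}
URL_ATTRS = {"href", "src"}
# Only absolute http(s) URLs survive. A relative path is resolved against the
# base the renderer loaded the document from, which is file:// for a temp file.
ABSOLUTE_HTTP = re.compile(r"^https?://", re.IGNORECASE)


def is_safe_url(value):
    # Browsers ignore surrounding whitespace and embedded tabs/newlines in a
    # URL, so "\tFILE:///etc/passwd" is still a file: URL. Strip before testing.
    return bool(ABSOLUTE_HTTP.match("".join(value.split())))


class PdfInputSanitizer(HTMLParser):
    # Base-class handlers for comments, <!DOCTYPE> and processing
    # instructions are no-ops, so those are dropped without extra code.
    def __init__(self):
        super().__init__()      # convert_charrefs=True: text arrives decoded, re-escaped on output
        self.out = []
        self.skip_stack = []    # open elements whose entire content is being discarded
        self.removed = []       # (tag, attribute, value) for every stripped item

    def handle_starttag(self, tag, attrs):
        if self.skip_stack:
            if tag in DROP_WITH_CONTENT:
                self.skip_stack.append(tag)
            return
        if tag in DROP_WITH_CONTENT:
            self.skip_stack.append(tag)
            self.removed.append((tag, None, None))
            return
        if tag not in ALLOWED_TAGS:
            self.removed.append((tag, None, None))
            return
        allowed = GLOBAL_ATTRS | TAG_ATTRS.get(tag, set())
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in allowed or (name in URL_ATTRS and not is_safe_url(value)):
                self.removed.append((tag, name, value))
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self.skip_stack:
            # An unclosed dropped element keeps discarding to the end: fail closed.
            if tag == self.skip_stack[-1]:
                self.skip_stack.pop()
            return
        if tag in ALLOWED_TAGS and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_stack:
            self.out.append(html.escape(data, quote=False))


def sanitize_html(untrusted):
    """Return (clean_html, removed) for one untrusted document."""
    parser = PdfInputSanitizer()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.out), parser.removed


if __name__ == "__main__":
    # Constructed attacker-style input: every vector tries to pull a local file.
    sample = ('<html><body><h1>Invoice 42</h1>'
              '<iframe src="file:///etc/passwd"></iframe>'
              '<img src="\tFILE:///C:/Windows/win.ini">'
              '<a href="../../../etc/shadow">terms</a>'
              '<script>fetch("file:///etc/hosts")</script>'
              '<p style="background:url(file:///etc/hosts)">Total: 10 &amp; 20</p>'
              '</body></html>')
    clean, removed = sanitize_html(sample)
    print(clean)
    for item in removed:
        print("removed:", item)
```

Write the cleaned string to the temporary file the converter reads instead of the raw input, and log the removed list: a non-empty list from a client that should only ever send plain invoice markup is itself a detection signal. The style attribute and stylesheets are dropped because CSS url() can also direct the renderer at local resources.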

File Access Restrictions

linux

Run pyhtml2pdf in a sandboxed environment with restricted file system access. Keep the converter in a minimal container image that holds no secrets, mount only the directory the input and output need, and give it no network if the documents need no remote resources. Note that --read-only only prevents writes; it does not stop the renderer from reading files that exist inside the container, so what matters is that nothing sensitive is in the image or mounted into it. The image name below is a placeholder for whatever image wraps the converter; the tmpfs gives the renderer a writable scratch directory.

docker run --rm --read-only --tmpfs /tmp --network none -v /safe/path:/app pyhtml2pdf

🧯 If You Can't Patch

  • Isolate the vulnerable system from sensitive data and network segments
  • Implement strict network filtering to limit access to the vulnerable service

🔍 How to Verify

Check if Vulnerable:

Run: pip show pyhtml2pdf | grep Version (use the pip of the interpreter or virtualenv the application runs under, and repeat inside each container image).
If output shows 'Version: 0.0.6', the system is vulnerable.

Check Version:

pip show pyhtml2pdf | grep Version

Verify Fix Applied:

After uninstalling, verify with: pip list | grep pyhtml2pdf
Should show no results or a different version.

📡 Detection & Monitoring

Log Indicators:

  • The renderer process that pyhtml2pdf drives (a headless browser) opening files it has no business with, such as /etc/passwd, application configuration files or credential stores
  • HTML input containing file:// or other local file references, including upper-case, percent-encoded or entity-encoded spellings that a plain string match for "file://" would miss

Network Indicators:

  • Outbound connections from pyhtml2pdf server to unexpected destinations
  • Large data transfers following HTML processing

SIEM Query:

source="application.log" AND process="pyhtml2pdf" AND (file_access OR file_read)
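The SIEM query above is a template; the detector below is an added example for this advisory that applies the same log indicators to concrete records, and is not pyhtml2pdf's or any SIEM product's code. It assumes the application writes one JSON object per conversion request with the submitted HTML in a "html" field (the event name, field names and the sample lines are constructed for the demonstration). The value it adds over the raw query is the normalisation step: percent-encoded, entity-encoded, upper-case and tab-split spellings of file: are decoded before matching, because the browser engine decodes them too.

```python
"""Scan application logs for HTML-to-PDF requests that reference local files.

Added example for this advisory, not pyhtml2pdf's or any SIEM's own code.
Assumed log format: one JSON object per line, event "html2pdf.request",
with the submitted HTML in the "html" field. The SAMPLE_LOG records are
constructed for the demonstration.
"""
import html
import json
import re
from urllib.parse import unquote

FILE_SCHEME = re.compile(r"\bfile:", re.IGNORECASE)
# Absolute Unix paths under sensitive roots, or a Windows drive letter, not
# preceded by a word character (so cdn.example.com/var/x does not match).
LOCAL_PATH = re.compile(r"(?<![\w.-])(?:/(?:etc|proc|root|home|var|tmp|usr|opt)/|[A-Za-z]:\\)")


def normalize(text):
    """Undo the encodings a renderer decodes transparently before matching."""
    for _ in range(2):                       # two rounds catch double encoding
        text = html.unescape(unquote(text))
    return re.sub(r"[\t\r\n]", "", text)     # browsers drop these inside URLs


def classify(body):
    """Return the list of indicators found in one HTML body (empty if clean)."""
    norm = normalize(body)
    reasons = []
    if FILE_SCHEME.search(norm):
        reasons.append("file: URL scheme")
    if LOCAL_PATH.search(norm):
        reasons.append("absolute local path")
    return reasons


def scan_log_lines(lines):
    """Return one alert per request whose HTML references a local file."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                         # not one of our JSON records
        if rec.get("event") != "html2pdf.request" or not rec.get("html"):
            continue
        reasons = classify(rec["html"])
        if reasons:
            alerts.append({"ts": rec.get("ts"), "client": rec.get("client"),
                           "reasons": reasons})
    return alerts


# Constructed sample log (not real traffic). The last line is deliberately
# not JSON to show that foreign lines are skipped rather than crashing the scan.
SAMPLE_LOG = [
    json.dumps({"ts": "2024-02-19T10:00:01Z", "event": "html2pdf.request", "client": "10.0.0.5",
                "html": '<p>Invoice 42</p><img src="https://cdn.example.com/var/logo.png">'}),
    json.dumps({"ts": "2024-02-19T10:00:07Z", "event": "html2pdf.request", "client": "203.0.113.9",
                "html": '<iframe src="file:///etc/passwd"></iframe>'}),
    json.dumps({"ts": "2024-02-19T10:00:09Z", "event": "html2pdf.request", "client": "203.0.113.9",
                "html": '<object data="f&#105;le%3A///etc/shadow"></object>'}),
    json.dumps({"ts": "2024-02-19T10:00:12Z", "event": "html2pdf.request", "client": "203.0.113.9",
                "html": '<img src="C:\\Windows\\win.ini">'}),
    "Feb 19 10:00:13 app[123]: worker restarted",
]

if __name__ == "__main__":
    for alert in scan_log_lines(SAMPLE_LOG):
        print(alert)
```

Three of the four requests are flagged; the benign one is not, even though its image URL contains "/var/", because the path check requires the segment to stand on its own rather than inside a hostname path. Feed the same classify() function to whatever log pipeline you have, and alert on any request from a client whose previous requests were clean.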

🔗 References
