CVE-2024-36527
📋 TL;DR
CVE-2024-36527 is a directory traversal vulnerability in puppeteer-renderer that allows attackers to read sensitive server files by manipulating URL parameters to use the file:// protocol. It affects all users of puppeteer-renderer version 3.2.0 and earlier who expose the renderer service externally or process untrusted input.
💻 Affected Systems
- puppeteer-renderer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server file system disclosure including configuration files, credentials, and sensitive application data leading to full system compromise.
Likely Case
Partial file system access allowing attackers to read configuration files, source code, and potentially extract credentials or sensitive data.
If Mitigated
Limited impact with proper input validation and file access restrictions in place.
🎯 Exploit Status
Simple directory traversal via file:// protocol in URL parameter. Public proof-of-concept available in GitHub gists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.1 or later
Vendor Advisory: https://github.com/zenato/puppeteer-renderer/security/advisories
Restart Required: Yes
Instructions:
1. Update puppeteer-renderer to version 3.2.1 or later using npm update puppeteer-renderer.
2. Restart the puppeteer-renderer service.
3. Verify the update with npm list puppeteer-renderer.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side validation to reject file:// protocol URLs and directory traversal sequences.
Implement URL validation middleware that checks for file:// protocol and path traversal patterns like ../
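An added example of the validation middleware described above; it is not puppeteer-renderer's own code. It goes one step beyond the text by allowlisting http and https instead of only blocking file://. The url query parameter name, the Express-style (req, res, next) signature and the function names are assumptions.

```javascript
// Added example, not puppeteer-renderer's own code. Names are hypothetical.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
const TRAVERSAL = /(^|[\\\/])\.\.([\\\/]|$)/; // "../", "..\" or a trailing ".."

// Returns { ok: true, url } or { ok: false, reason } for one candidate target URL.
function validateRenderUrl(raw) {
  // Repeated query parameters arrive as arrays in Express; those are refused too.
  if (typeof raw !== 'string' || raw.trim() === '') {
    return { ok: false, reason: 'missing url' };
  }
  const candidate = raw.trim();
  let parsed;
  try {
    parsed = new URL(candidate); // WHATWG parser; lowercases the scheme
  } catch {
    return { ok: false, reason: 'unparseable url' };
  }
  // Allowlist: file:, view-source:, data: and anything else not listed is refused.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `protocol ${parsed.protocol} not allowed` };
  }
  // new URL() collapses dot segments, so test the raw string after percent-decoding.
  let decoded;
  try {
    decoded = decodeURIComponent(candidate);
  } catch {
    return { ok: false, reason: 'malformed percent-encoding' };
  }
  if (TRAVERSAL.test(decoded)) {
    return { ok: false, reason: 'path traversal sequence' };
  }
  return { ok: true, url: parsed.href };
}

// Express-style middleware; assumes the target arrives as the "url" query parameter.
function rejectUnsafeUrl(req, res, next) {
  const verdict = validateRenderUrl(req.query ? req.query.url : undefined);
  if (!verdict.ok) {
    res.statusCode = 400;
    res.end(`rejected: ${verdict.reason}`);
    return;
  }
  req.query.url = verdict.url; // pass on the normalized form only
  next();
}
```

The check decodes percent-encoding once, so it complements the upgrade to 3.2.1 and the network restriction below and does not replace them.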
Network Segmentation
Restrict puppeteer-renderer service to internal network only.
Configure firewall rules to block external access to puppeteer-renderer port
🧯 If You Can't Patch
- Implement strict input validation to reject file:// URLs and path traversal sequences
- Run puppeteer-renderer with minimal file system permissions using chroot or containerization
🔍 How to Verify
Check if Vulnerable:
Check if puppeteer-renderer version is 3.2.0 or earlier using npm list puppeteer-renderer
Check Version:
npm list puppeteer-renderer | grep puppeteer-renderer
Verify Fix Applied:
Confirm version is 3.2.1 or later and test that file:// protocol URLs are rejected
📡 Detection & Monitoring
Log Indicators:
- Requests containing file:// protocol in URL parameter
- Failed file access attempts outside expected directories
Network Indicators:
- HTTP requests with file:// URLs to puppeteer-renderer endpoint
SIEM Query:
source="puppeteer-renderer" AND (url="*file://*" OR url="*../*")