CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:phantomjs:phantomjs:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-05 14:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-17221

Mitre link : CVE-2019-17221

CVE.ORG link : CVE-2019-17221

JSON object : View

Products Affected

phantomjs

phantomjs

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2019-17221", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-05T14:15:13.537", "references": [{"url": "https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed."}, {"lang": "es", "value": "PhantomJS versiones hasta la versi\u00f3n 2.1.1, tiene una vulnerabilidad de lectura de archivos arbitraria, como es demostrado por un XMLHttpRequest para un URI file:// . La vulnerabilidad existe en la funci\u00f3n page.open() del m\u00f3dulo webpage, que carga una URL espec\u00edfica y llama a una devoluci\u00f3n de llamada determinada. Un atacante puede suministrar un archivo HTML especialmente dise\u00f1ado, como entrada del usuario, lo que permite leer archivos arbitrarios en el sistema de archivos. Por ejemplo, si la funci\u00f3n page.render() es la funci\u00f3n de devoluci\u00f3n de llamada, esto genera un PDF o una imagen del archivo de destino. NOTA: este producto ya no es desarrollado."}], "lastModified": "2019-11-08T17:27:12.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phantomjs:phantomjs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED6EEC7-D449-4A55-B3D8-1275FFDFACA8", "versionEndIncluding": "2.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}