CVE-2019-17221 - OpenCVE

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phantomjs	Phantomjs

Configuration 1 [-]

cpe:2.3:a:phantomjs:phantomjs:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-05T13:10:45

Updated: 2024-08-05T01:33:17.356Z

Reserved: 2019-10-06T00:00:00

Link: CVE-2019-17221

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-05T14:15:13.537

Modified: 2019-11-08T17:27:12.430

Link: CVE-2019-17221

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-05T13:10:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17221", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/", "refsource": "MISC", "url": "https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:33:17.356Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17221", "datePublished": "2019-11-05T13:10:45", "dateReserved": "2019-10-06T00:00:00", "dateUpdated": "2024-08-05T01:33:17.356Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phantomjs:phantomjs:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED6EEC7-D449-4A55-B3D8-1275FFDFACA8", "versionEndIncluding": "2.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed."}, {"lang": "es", "value": "PhantomJS versiones hasta la versi\u00f3n 2.1.1, tiene una vulnerabilidad de lectura de archivos arbitraria, como es demostrado por un XMLHttpRequest para un URI file:// . La vulnerabilidad existe en la funci\u00f3n page.open() del m\u00f3dulo webpage, que carga una URL espec\u00edfica y llama a una devoluci\u00f3n de llamada determinada. Un atacante puede suministrar un archivo HTML especialmente dise\u00f1ado, como entrada del usuario, lo que permite leer archivos arbitrarios en el sistema de archivos. Por ejemplo, si la funci\u00f3n page.render() es la funci\u00f3n de devoluci\u00f3n de llamada, esto genera un PDF o una imagen del archivo de destino. NOTA: este producto ya no es desarrollado."}], "id": "CVE-2019-17221", "lastModified": "2019-11-08T17:27:12.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-05T14:15:13.537", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}]}