CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a `file://` URI. The vulnerability exists in the `page.open()` function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if `page.render()` is the function callback, this generates a PDF or an image of the targeted file. **NOTE**: this product is no longer developed.

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a `file://` URI. The vulnerability exists in the `page.open()` function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if `page.render()` is the function callback, this generates a PDF or an image of the targeted file. **NOTE**: this product is no longer developed.

PhantomJS versiones hasta la versión 2.1.1, tiene una vulnerabilidad de lectura de archivos arbitraria, como es demostrado por un XMLHttpRequest para un URI file:// . La vulnerabilidad existe en la función page.open() del módulo webpage, que carga una URL específica y llama a una devolución de llamada determinada. Un atacante puede suministrar un archivo HTML especialmente diseñado, como entrada del usuario, lo que permite leer archivos arbitrarios en el sistema de archivos. Por ejemplo, si la función page.render() es la función de devolución de llamada, esto genera un PDF o una imagen del archivo de destino. NOTA: este producto ya no es desarrollado.