Main Vulnerability Database SB2019110527

SB2019110527 - Arbitrary file read in PhantomJS

Published: November 5, 2019 Updated: January 10, 2023

Security Bulletin ID SB2019110527

CSH Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Files or Directories Accessible to External Parties (CVE-ID: CVE-2019-17221)

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to insecure processing of an XMLHttpRequest for a file:// URI in the page.open() function of the webpage module. A remote attacker can view contents of arbitrary files on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/