What is CVE-2024-36527?

CVE-2024-36527 is a vulnerability in N/a. Published 2024-06-17.

Is CVE-2024-36527 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.

EPSS: 0.891 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

bigb0x/CVE-2024-36527
nomi-sec/PoC-in-GitHub

References

gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911

Frequently asked questions

What is CVE-2024-36527?: CVE-2024-36527 is a vulnerability in N/a. Published 2024-06-17.
Is CVE-2024-36527 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.