CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence: High
EPSS
Percentile: 15.5%
WeasyPrint is vulnerable to Path Traversal. The vulnerability is due to improper validation in the url_fetcher function, which fails to restrict the inclusion of arbitrary local files and URLs in generated PDF documents. This flaw allows an attacker to include or traverse to files and directories outside the intended scope, potentially leading to unauthorized access or disclosure of sensitive information.
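
One way to constrain the resource loading described above, as an added example (not WeasyPrint's code and not the fix for this issue): a wrapper that checks every URL against a policy before a fetcher sees it. `ASSET_ROOT`, `ALLOWED_HOSTS`, `check_url` and `make_restricted_fetcher` are hypothetical names with constructed values; the wiring through the `url_fetcher` argument of `weasyprint.HTML` is shown only as a comment.

```python
import os
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Constructed policy values for this example; adjust to the deployment.
ASSET_ROOT = "/srv/app/pdf-assets"
ALLOWED_HOSTS = {"static.example.com"}


class BlockedURL(ValueError):
    """A resource URL that falls outside the rendering policy."""


def check_url(url, asset_root=ASSET_ROOT, allowed_hosts=ALLOWED_HOSTS):
    """Return a normalized URL if it is within policy, else raise BlockedURL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "https":
        # .hostname ignores userinfo, so "allowed@other.host" is judged on other.host
        if parts.hostname not in allowed_hosts:
            raise BlockedURL(f"host not allowed: {url!r}")
        return url
    if scheme == "file":
        if parts.netloc not in ("", "localhost"):
            raise BlockedURL(f"remote file host: {url!r}")
        # Decode %2e%2e first, then resolve ".." and symlinks before comparing.
        path = os.path.realpath(unquote(parts.path))
        root = os.path.realpath(asset_root)
        if os.path.commonpath([root, path]) != root:
            raise BlockedURL(f"path outside asset root: {url!r}")
        return Path(path).as_uri()
    # http:, data:, ftp:, relative references and anything else are refused.
    raise BlockedURL(f"scheme not allowed: {url!r}")


def make_restricted_fetcher(delegate, **policy):
    """Wrap a fetcher callable so it only receives URLs that pass check_url."""
    def fetch(url, *args, **kwargs):
        return delegate(check_url(url, **policy), *args, **kwargs)
    return fetch


# Assumed wiring (not run here, needs WeasyPrint installed):
#   fetcher = make_restricted_fetcher(weasyprint.default_url_fetcher)
#   weasyprint.HTML(string=markup, url_fetcher=fetcher).write_pdf(out)
```

Checking the requested URL does not cover HTTP redirects that the delegate follows, so an allowlisted host must not be able to redirect to internal addresses.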