Directory Traversal Affecting html2ps package, versions <1.0b7-1


Severity

Recommended: low

Based on Debian security rating.

Threat Intelligence

EPSS: 0.57% (78th percentile)

  • Snyk ID: SNYK-DEBIANUNSTABLE-HTML2PS-269671
  • published: 10 Oct 2012
  • disclosed: 10 Oct 2012

Introduced: 10 Oct 2012

CVE-2009-5067
CWE-22

How to fix?

Upgrade Debian:unstable html2ps to version 1.0b7-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream html2ps package and not the html2ps package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
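
For the web-application scenario named in the description, a pre-check can reject untrusted HTML whose "include file" SSI directives are absolute or climb out of the working directory with `..` before the document is handed to html2ps. This is an added example, not code from html2ps, Debian or Snyk; the directive syntax it matches, the name `unsafe_includes` and the sample document are assumptions made for illustration.

```python
import posixpath
import re

# Assumed SSI syntax: <!--#include file="path" -->, with double-quoted,
# single-quoted or unquoted values, matched case-insensitively.
SSI_INCLUDE = re.compile(
    r"""<!--\s*#include\s+file\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE,
)


def unsafe_includes(html: str) -> list[str]:
    """Return include paths that are absolute or escape upward via '..'."""
    flagged = []
    for match in SSI_INCLUDE.finditer(html):
        path = next(g for g in match.groups() if g is not None)
        # Treat backslashes as separators too (conservative), then collapse
        # '.' and '..' segments so 'a/../../x' is seen as '../x'.
        norm = posixpath.normpath(path.replace("\\", "/"))
        if norm.startswith("/") or norm == ".." or norm.startswith("../"):
            flagged.append(path)
    return flagged


# Constructed sample input: two harmless includes, three that leave the
# document directory or name an absolute path such as a device file.
SAMPLE = """<html><body>
<!--#include file="footer.html" -->
<!--#include file="docs/../header.html" -->
<!--#include file="../../private/notes.txt" -->
<!--#INCLUDE FILE='/dev/zero' -->
<!--#include file=img/..\\..\\secret.txt -->
</body></html>"""

if __name__ == "__main__":
    for bad in unsafe_includes(SAMPLE):
        print("rejecting document, unsafe include:", bad)
```

The check is lexical only (it does not resolve symlinks), so it sits in front of the upgrade listed under How to fix? and does not replace it.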

CVSS Scores

version 3.1