NodeJS/phantomjs/1.9.1-6
Headless WebKit with JS API
https://www.npmjs.com/package/phantomjs
Apache-2.0
1 Security Vulnerabilities
PhantomJS Arbitrary File Read
Published date: 2022-05-24T22:01:03Z
CVE: CVE-2019-17221
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.
Affected versions:
["0.0.1", "0.0.3", "0.0.6", "0.0.8", "0.1.0", "0.1.1", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "1.8.1-1", "1.8.2-2", "1.9.0-1", "1.9.0-2", "1.9.0-3", "1.9.0-4", "1.9.0-6", "1.9.1-0", "1.9.1-2", "1.9.1-3", "1.9.1-7", "1.9.1-8", "1.9.2-2", "1.9.2-3", "1.9.2-5", "1.9.2-6", "1.9.7-3", "1.9.7-7", "1.9.7-8", "1.9.7-9", "1.9.7-10", "1.9.7-11", "1.9.7-12", "1.8.2-3", "1.9.9", "1.9.13", "1.9.15", "1.9.17", "1.9.19", "2.1.1", "1.9.20", "0.0.2", "0.0.4", "0.0.5", "0.0.7", "0.0.9", "0.2.0", "0.2.5", "0.2.6", "1.8.0-1", "1.8.1-2", "1.8.1-3", "1.8.2-0", "1.8.2-1", "1.9.0-0", "1.9.0-5", "1.9.1-4", "1.9.1-5", "1.9.1-6", "1.9.1-9", "1.9.2-0", "1.9.2-1", "1.9.2-4", "1.9.6-0", "1.9.7-1", "1.9.7-4", "1.9.7-5", "1.9.7-6", "1.9.7-13", "1.9.7-14", "1.9.7-15", "1.9.8", "1.9.10", "1.9.11", "1.9.12", "1.9.16", "1.9.18"]
Secure versions:
[2.1.2, 2.1.3, 2.1.3-deprecated, 2.1.7]
Recommendation:
Update to version 2.1.7.
81 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
2.1.7 | Apache-2.0 | | 2016-04-07 - 14:53 | over 9 years |
2.1.3 | Apache-2.0 | | 2016-01-28 - 04:47 | over 9 years |
2.1.3-deprecated | Apache-2.0 | | 2016-01-28 - 04:40 | over 9 years |
2.1.2 | Apache-2.0 | | 2016-01-25 - 22:56 | over 9 years |
2.1.1 | Apache-2.0 | 1 | 2016-01-25 - 21:14 | over 9 years |
1.9.20 | Apache-2.0 | 1 | 2016-03-31 - 17:15 | over 9 years |
1.9.19 | Apache-2.0 | 1 | 2015-11-24 - 16:38 | over 9 years |
1.9.18 | Apache-2.0 | 1 | 2015-08-10 - 15:18 | almost 10 years |
1.9.17 | Apache-2.0 | 1 | 2015-05-21 - 16:16 | about 10 years |
1.9.16 | Apache-2.0 | 1 | 2015-03-03 - 18:09 | over 10 years |
1.9.15 | Apache-2.0 | 1 | 2015-01-28 - 17:27 | over 10 years |
1.9.13 | Apache-2.0 | 1 | 2014-12-19 - 18:04 | over 10 years |
1.9.12 | Apache-2.0 | 1 | 2014-10-27 - 19:56 | over 10 years |
1.9.11 | Apache-2.0 | 1 | 2014-10-16 - 16:12 | over 10 years |
1.9.10 | Apache-2.0 | 1 | 2014-09-24 - 16:51 | almost 11 years |
1.9.9 | Apache-2.0 | 1 | 2014-09-17 - 18:39 | almost 11 years |
1.9.8 | Apache-2.0 | 1 | 2014-09-17 - 16:10 | almost 11 years |
1.9.7-15 | Apache-2.0 | 1 | 2014-07-23 - 13:41 | almost 11 years |
1.9.7-14 | Apache-2.0 | 1 | 2014-07-09 - 23:17 | about 11 years |
1.9.7-13 | Apache-2.0 | 1 | 2014-07-09 - 16:13 | about 11 years |
1.9.7-12 | Apache-2.0 | 1 | 2014-06-28 - 17:17 | about 11 years |
1.9.7-11 | Apache-2.0 | 1 | 2014-06-28 - 17:12 | about 11 years |
1.9.7-10 | Apache-2.0 | 1 | 2014-06-24 - 00:25 | about 11 years |
1.9.7-9 | Apache-2.0 | 1 | 2014-06-18 - 17:36 | about 11 years |
1.9.7-8 | Apache-2.0 | 1 | 2014-05-24 - 02:04 | about 11 years |
1.9.7-7 | Apache-2.0 | 1 | 2014-05-23 - 17:13 | about 11 years |
1.9.7-6 | Apache-2.0 | 1 | 2014-05-21 - 22:38 | about 11 years |
1.9.7-5 | Apache-2.0 | 1 | 2014-04-28 - 19:16 | about 11 years |
1.9.7-4 | Apache-2.0 | 1 | 2014-04-22 - 02:36 | about 11 years |
1.9.7-3 | Apache-2.0 | 1 | 2014-04-02 - 15:39 | over 11 years |
1.9.7-1 | Apache-2.0 | 1 | 2014-01-27 - 18:35 | over 11 years |
1.9.6-0 | Apache-2.0 | 1 | 2014-01-24 - 17:31 | over 11 years |
1.9.2-6 | Apache-2.0 | 1 | 2013-12-20 - 22:38 | over 11 years |
1.9.2-5 | Apache-2.0 | 1 | 2013-12-05 - 22:01 | over 11 years |
1.9.2-4 | Apache-2.0 | 1 | 2013-11-20 - 17:05 | over 11 years |
1.9.2-3 | Apache-2.0 | 1 | 2013-11-19 - 17:12 | over 11 years |
1.9.2-2 | Apache-2.0 | 1 | 2013-10-01 - 21:08 | almost 12 years |
1.9.2-1 | Apache-2.0 | 1 | 2013-09-19 - 14:45 | almost 12 years |
1.9.2-0 | Apache-2.0 | 1 | 2013-09-09 - 15:02 | almost 12 years |
1.9.1-9 | Apache-2.0 | 1 | 2013-09-03 - 16:11 | almost 12 years |
1.9.1-8 | Apache-2.0 | 1 | 2013-08-19 - 21:52 | almost 12 years |
1.9.1-7 | Apache-2.0 | 1 | 2013-08-19 - 18:38 | almost 12 years |
1.9.1-6 | Apache-2.0 | 1 | 2013-08-18 - 00:02 | almost 12 years |
1.9.1-5 | Apache-2.0 | 1 | 2013-08-14 - 22:26 | almost 12 years |
1.9.1-4 | Apache-2.0 | 1 | 2013-08-13 - 21:35 | almost 12 years |
1.9.1-3 | Apache-2.0 | 1 | 2013-08-13 - 18:28 | almost 12 years |
1.9.1-2 | Apache-2.0 | 1 | 2013-08-12 - 18:54 | almost 12 years |
1.9.1-0 | Apache-2.0 | 1 | 2013-06-13 - 14:36 | about 12 years |
1.9.0-6 | Apache-2.0 | 1 | 2013-05-29 - 01:28 | about 12 years |
1.9.0-5 | Apache-2.0 | 1 | 2013-05-28 - 17:07 | about 12 years |