NodeJS/phantomjs/1.9.1-9
Headless WebKit with JS API
https://www.npmjs.com/package/phantomjs
Apache-2.0
1 Security Vulnerabilities
PhantomJS Arbitrary File Read
Published date: 2022-05-24T22:01:03Z
CVE: CVE-2019-17221
Links:
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.
Affected versions:
["0.0.1", "0.0.3", "0.0.6", "0.0.8", "0.1.0", "0.1.1", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "1.8.1-1", "1.8.2-2", "1.9.0-1", "1.9.0-2", "1.9.0-3", "1.9.0-4", "1.9.0-6", "1.9.1-0", "1.9.1-2", "1.9.1-3", "1.9.1-7", "1.9.1-8", "1.9.2-2", "1.9.2-3", "1.9.2-5", "1.9.2-6", "1.9.7-3", "1.9.7-7", "1.9.7-8", "1.9.7-9", "1.9.7-10", "1.9.7-11", "1.9.7-12", "1.8.2-3", "1.9.9", "1.9.13", "1.9.15", "1.9.17", "1.9.19", "2.1.1", "1.9.20", "0.0.2", "0.0.4", "0.0.5", "0.0.7", "0.0.9", "0.2.0", "0.2.5", "0.2.6", "1.8.0-1", "1.8.1-2", "1.8.1-3", "1.8.2-0", "1.8.2-1", "1.9.0-0", "1.9.0-5", "1.9.1-4", "1.9.1-5", "1.9.1-6", "1.9.1-9", "1.9.2-0", "1.9.2-1", "1.9.2-4", "1.9.6-0", "1.9.7-1", "1.9.7-4", "1.9.7-5", "1.9.7-6", "1.9.7-13", "1.9.7-14", "1.9.7-15", "1.9.8", "1.9.10", "1.9.11", "1.9.12", "1.9.16", "1.9.18"]
Secure versions:
[2.1.2, 2.1.3, 2.1.3-deprecated, 2.1.7]
Recommendation:
Update to version 2.1.7.
81 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 1.9.0-4 | Apache-2.0 | 1 | 2013-05-17 - 17:11 | about 12 years |
| 1.9.0-3 | Apache-2.0 | 1 | 2013-04-23 - 02:34 | about 12 years |
| 1.9.0-2 | Apache-2.0 | 1 | 2013-04-14 - 17:05 | about 12 years |
| 1.9.0-1 | Apache-2.0 | 1 | 2013-04-02 - 23:17 | over 12 years |
| 1.9.0-0 | Apache-2.0 | 1 | 2013-03-25 - 21:11 | over 12 years |
| 1.8.2-3 | Apache-2.0 | 1 | 2014-09-04 - 16:04 | almost 11 years |
| 1.8.2-2 | Apache-2.0 | 1 | 2013-03-20 - 16:17 | over 12 years |
| 1.8.2-1 | Apache-2.0 | 1 | 2013-03-19 - 23:42 | over 12 years |
| 1.8.2-0 | Apache-2.0 | 1 | 2013-03-11 - 20:18 | over 12 years |
| 1.8.1-3 | Apache-2.0 | 1 | 2013-01-30 - 22:33 | over 12 years |
| 1.8.1-2 | Apache-2.0 | 1 | 2013-01-30 - 21:19 | over 12 years |
| 1.8.1-1 | Apache-2.0 | 1 | 2013-01-29 - 23:53 | over 12 years |
| 1.8.0-1 | Apache-2.0 | 1 | 2012-12-23 - 17:52 | over 12 years |
| 0.2.6 | Apache-2.0 | 1 | 2012-12-19 - 21:48 | over 12 years |
| 0.2.5 | Apache-2.0 | 1 | 2012-12-19 - 21:25 | over 12 years |
| 0.2.4 | Apache-2.0 | 1 | 2012-12-19 - 21:01 | over 12 years |
| 0.2.3 | Apache-2.0 | 1 | 2012-11-25 - 18:36 | over 12 years |
| 0.2.2 | Apache-2.0 | 1 | 2012-10-25 - 22:47 | over 12 years |
| 0.2.1 | Apache-2.0 | 1 | 2012-10-22 - 15:45 | over 12 years |
| 0.2.0 | Apache-2.0 | 1 | 2012-10-11 - 18:53 | almost 13 years |
| 0.1.1 | Apache-2.0 | 1 | 2012-10-11 - 16:52 | almost 13 years |
| 0.1.0 | Apache-2.0 | 1 | 2012-10-07 - 18:06 | almost 13 years |
| 0.0.9 | Apache-2.0 | 1 | 2012-10-05 - 14:53 | almost 13 years |
| 0.0.8 | Apache-2.0 | 1 | 2012-09-10 - 22:36 | almost 13 years |
| 0.0.7 | Apache-2.0 | 1 | 2012-09-10 - 22:32 | almost 13 years |
| 0.0.6 | Apache-2.0 | 1 | 2012-09-10 - 22:30 | almost 13 years |
| 0.0.5 | Apache-2.0 | 1 | 2012-09-10 - 22:28 | almost 13 years |
| 0.0.4 | Apache-2.0 | 1 | 2012-09-10 - 22:24 | almost 13 years |
| 0.0.3 | Apache-2.0 | 1 | 2012-09-10 - 22:23 | almost 13 years |
| 0.0.2 | Apache-2.0 | 1 | 2012-09-10 - 21:54 | almost 13 years |
| 0.0.1 | Apache-2.0 | 1 | 2012-09-10 - 21:20 | almost 13 years |