VDB
CVE-2019-17221
CVE-2019-17221
PUBLISHED
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.
EPSS 13.60% · 94.4th percentile
Risk Scores
EPSS Score
13.60%
94.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | phantomjs | 2.0.0+dfsg-1, 1.9.0-1, 2.1.1+dfsg-1 |
| Ubuntu:18.04:LTS | phantomjs | 2.1.1+dfsg-2, 0 |
| Ubuntu:20.04:LTS | phantomjs | 2.1.1+dfsg-2, 0, 2.1.1+dfsg-2ubuntu1 |
Exploit Intelligence
- PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as th... (github-poc)
- PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as th... (github-poc)
- PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as th... (github-poc)
- PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as th... (github-poc)
- PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as th... (github-poc)
- PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as th... (github-poc)
- PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as th... (github-poc)
- https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/ (nist-nvd)
Timeline
- Nov 5, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Nov 8, 2023 CVE Updated
- Mar 19, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 4, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-17221 third-party-advisory
- https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-17221 third-party-advisory