Wiz
Vulnerability DatabaseCVE-2024-1647

CVE-2024-1647
Python vulnerability analysis and mitigation

Overview

CVE-2024-1647 affects Pyhtml2pdf version 0.0.6, a Python wrapper for converting HTML to PDF. The vulnerability was discovered on January 14, 2024, and publicly disclosed on February 19, 2024. This security flaw allows an external attacker to remotely obtain arbitrary local files due to insufficient validation of HTML content entered by users (Fluid Advisory).

Technical details

The vulnerability stems from the application's failure to validate HTML content for malicious elements before processing. It has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it is network-accessible, requires low attack complexity, needs no privileges, and can result in high confidentiality impact (NVD).

Impact

When successfully exploited, this vulnerability enables remote attackers to read arbitrary local files from the system where Pyhtml2pdf is deployed. This can lead to unauthorized access to sensitive information and potential data breaches (Fluid Advisory).

Mitigation and workarounds

As of the vulnerability disclosure, there is no official patch available for this vulnerability. Users of Pyhtml2pdf version 0.0.6 should consider upgrading to newer versions or implementing additional input validation controls (Fluid Advisory).

Additional resources

SourceThis report was generated using AI

Related Python vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-23949HIGH8.6
  • PythonPython
  • jaraco.context
NoYesJan 20, 2026
CVE-2026-22219HIGH8.3
  • PythonPython
  • chainlit
NoYesJan 20, 2026
CVE-2026-23842HIGH7.5
  • PythonPython
  • chatterbot
NoYesJan 19, 2026
CVE-2026-23877MEDIUM5.3
  • PythonPython
  • swingmusic
NoYesJan 19, 2026
CVE-2026-23833LOW1.7
  • PythonPython
  • esphome
NoYesJan 19, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo