CVE-2020-7790

spatie/browsershot

on GitHub

Published

Dec 11, 2020

Severity

CVSS v3:

N/A

CVSS v2:

5 MEDIUM

Description

This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.

References

https://snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-1037064
https://github.com/spatie/browsershot/issues/441%23issue-735049731

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:spatie:browsershot::::::::	n/a	n/a	*

External Links

NVD - CVE-2020-7790