CVE-2022-41706

Published November 25th, 2022

View on NVD ↗

CVSS v3

8.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

spatie/browsershot

Convert HTML to an image, PDF or string

GitHub

5.22K