CVE-2022-41706

spatie/browsershot

on GitHub

Published

Nov 25, 2022

Severity

CVSS v3:

8.2 HIGH

CVSS v2:

N/A

Description

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

References

https://github.com/spatie/browsershot/
https://fluidattacks.com/advisories/eminem/

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:spatie:browsershot:3.57.2:::::::*	n/a	n/a	3.57.2

External Links

NVD - CVE-2022-41706