CVE-2024-21547

Published

Severity

CVSS v3:
N/A
CVSS v2:
N/A

Description

Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.

References

Configurations

CPE23Version StartVersion EndExact Version

External Links