CVE-2024-21547
on github
Published
Severity
CVSS v3:
N/A
CVSS v2:
N/A
Description
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|