Published: 18 Dec 2024
Source: github
Github: Reviewed
CVSS4: 7.7
CVSS3: 7.5
Description
Spatie Browsershot Directory Traversal vulnerability
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalization of \ into /.
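The gap described above can be reproduced by comparing a literal prefix check with a check made after WHATWG URL parsing, which applies the same normalization of \ into / that a browser does. This is an added example, not code from spatie/browsershot; the function names and sample inputs are constructed for illustration, and the actual fix in 5.0.2 may differ.

```javascript
// Added example: hypothetical helpers, constructed inputs.
// Only these schemes may be handed to the headless browser.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Literal prefix check of the kind the advisory says can be bypassed:
// it rejects "file://" but knows nothing about "file:\".
function naivePrefixCheck(input) {
  return !input.trim().toLowerCase().startsWith("file://");
}

// Parse first with the WHATWG URL parser (the rules browsers follow),
// then allowlist the scheme of the normalized result.
function parsedSchemeCheck(input) {
  let url;
  try {
    url = new URL(input.trim());
  } catch {
    // Relative or malformed input is rejected rather than guessed at.
    return { allowed: false, reason: "unparseable" };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return {
      allowed: false,
      reason: `scheme ${url.protocol} not allowed`,
      normalized: url.href,
    };
  }
  return { allowed: true, normalized: url.href };
}

// Run both checks over a list of inputs and report where they disagree.
function compareChecks(inputs) {
  return inputs.map((input) => ({
    input,
    naiveAllows: naivePrefixCheck(input),
    parsedAllows: parsedSchemeCheck(input).allowed,
  }));
}

// Constructed sample inputs (placeholder path, not taken from the advisory).
const SAMPLES = [
  "https://example.com/page",
  "file:///var/www/placeholder.txt",
  "file:\\var\\www\\placeholder.txt",
];

console.table(compareChecks(SAMPLES));
```

The third sample passes the prefix check but is rejected after parsing, because the parser has already turned it into a file: URL with forward slashes.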
Packages
Name
spatie/browsershot
composer
Affected versions: < 5.0.2
Fixed version: 5.0.2
Related vulnerabilities
CVSS3: 7.5
nvd
about 1 year ago
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.