exploitDog

CVE-2022-43984

Опубликовано: 25 нояб. 2022

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.

Ссылки

https://fluidattacks.com/advisories/malone/
Exploit
Third Party Advisory
https://github.com/spatie/browsershot/
Product
https://fluidattacks.com/advisories/malone/
Exploit
Third Party Advisory
https://github.com/spatie/browsershot/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spatie:browsershot:3.57.3:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00152

Низкий

8.2 High

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-6q49-35h6-rq2p

CVSS3: 6.1

github

около 3 лет назад

Browsershot version 3.57.3 vulnerable to improper input validation

EPSS

Процентиль: 36%

0.00152

Низкий

8.2 High

CVSS3

Дефекты

CWE-79

CWE-79