Description
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalization of \ into /.
EPSS
Percentile: 25%
0.00087
Low
7.5 High
CVSS3
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 7.5
github
about 1 year ago
Spatie Browsershot Directory Traversal vulnerability