Описание
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.
EPSS
Процентиль: 24%
0.00081
Низкий
8.2 High
CVSS3
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 8.2
github
10 месяцев назад
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function
EPSS
Процентиль: 24%
0.00081
Низкий
8.2 High
CVSS3
Дефекты
CWE-918
CWE-918