Количество 2
Количество 2
CVE-2024-21544
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
GHSA-g2r4-phv7-5fgv
Browsershot Local File Inclusion
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-21544 Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server. | CVSS3: 8.6 | 0% Низкий | около 1 года назад |
| GHSA-g2r4-phv7-5fgv Browsershot Local File Inclusion | CVSS3: 8.6 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу