Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Dec 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /. | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-12-18T06:06:04.591Z
Updated: 2024-12-18T14:44:23.335Z
Reserved: 2023-12-22T12:33:20.128Z
Link: CVE-2024-21547
Vulnrichment
Updated: 2024-12-18T14:44:18.928Z
NVD
Status : Received
Published: 2024-12-18T06:15:23.187
Modified: 2024-12-18T06:15:23.187
Link: CVE-2024-21547
Redhat
No data.