CVE - CVE-2024-21547

CVE-ID
CVE-2024-21547	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://gist.github.com/chuajianshen/baa71db588cfc038fb5d65624a47be81 URL:https://gist.github.com/chuajianshen/baa71db588cfc038fb5d65624a47be81 MISC:https://github.com/spatie/browsershot/commit/dfc3635b83dd980e5c39f8f8c73e87723b99ca01 URL:https://github.com/spatie/browsershot/commit/dfc3635b83dd980e5c39f8f8c73e87723b99ca01 MISC:https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858 URL:https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858
Assigning CNA
Snyk
Date Record Created
20231222	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20231222)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)