Mirror of https://github.com/0xMarcio/cve.git, synced 2025-11-28 18:48:49 +00:00
CVE-2024-21547
Description
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal because of URI normalisation in the browser: the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalisation of \ into /.
POC
Reference
- https://gist.github.com/chuajianshen/baa71db588cfc038fb5d65624a47be81
- https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858
Github
No PoCs found on GitHub currently.