CVE-2022-41706 Information
Nov 26, 2022
cve
Description
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
Reference
https://github.com/spatie/browsershot/ https://fluidattacks.com/advisories/eminem/ Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
Share on: