CVE-2024-21547

CVSS V2 None CVSS V3 None
Description
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
Overview
  • CVE ID
  • CVE-2024-21547
  • Assigner
  • snyk
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-18T06:06:04.591Z
  • Last Modified Date
  • 2024-12-18T14:44:23.335Z
History
Created Old Value New Value Data Type Notes
2024-12-19 13:35:46 Added to TrackCVE