Spatie

Browsershot

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-3192

  • EPSS 0.29%
  • Veröffentlicht 04.04.2025 05:15:45
  • Zuletzt bearbeitet 07.04.2025 14:18:15

Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.

8.8

CVE-2025-1022

  • EPSS 0.24%
  • Veröffentlicht 05.02.2025 05:15:10
  • Zuletzt bearbeitet 05.02.2025 20:15:45

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/pas...

8.6

CVE-2025-1026

  • EPSS 0.21%
  • Veröffentlicht 05.02.2025 05:15:10
  • Zuletzt bearbeitet 05.02.2025 05:15:10

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **No...

8.6

CVE-2024-21549

  • EPSS 0.05%
  • Veröffentlicht 20.12.2024 05:15:06
  • Zuletzt bearbeitet 28.08.2025 15:15:38

Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows fo...

7.7

CVE-2024-21547

  • EPSS 0.05%
  • Veröffentlicht 18.12.2024 06:15:23
  • Zuletzt bearbeitet 18.12.2024 06:15:23

Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting th...

8.6

CVE-2024-21544

  • EPSS 0.16%
  • Veröffentlicht 13.12.2024 05:15:07
  • Zuletzt bearbeitet 01.10.2025 11:15:31

Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// ...

8.2

CVE-2022-41706

Exploit
  • EPSS 0.32%
  • Veröffentlicht 25.11.2022 18:15:11
  • Zuletzt bearbeitet 29.04.2025 15:15:49

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

8.2

CVE-2022-43983

Exploit
  • EPSS 0.15%
  • Veröffentlicht 25.11.2022 17:15:10
  • Zuletzt bearbeitet 29.04.2025 15:15:50

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use t...

8.2

CVE-2022-43984

Exploit
  • EPSS 0.15%
  • Veröffentlicht 25.11.2022 17:15:10
  • Zuletzt bearbeitet 29.04.2025 15:15:50

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method do...

5

CVE-2020-7790

  • EPSS 0.26%
  • Veröffentlicht 11.12.2020 11:15:11
  • Zuletzt bearbeitet 21.11.2024 05:37:48

This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.