CVE-2026-46683
- EPSS 0.25%
- Veröffentlicht 10.06.2026 19:53:09
- Zuletzt bearbeitet 10.06.2026 20:21:20
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.
CVE-2026-46643
- EPSS 0.15%
- Veröffentlicht 10.06.2026 19:52:59
- Zuletzt bearbeitet 11.06.2026 17:16:34
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote charact...
CVE-2023-41330
- EPSS 1.88%
- Veröffentlicht 06.09.2023 18:15:09
- Zuletzt bearbeitet 21.11.2024 08:21:05
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR dese...
CVE-2023-28115
- EPSS 2.76%
- Veröffentlicht 17.03.2023 22:15:11
- Zuletzt bearbeitet 21.11.2024 07:54:26
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()...