We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
Reserved 2023-12-22 | Published 2024-12-13 | Updated 2024-12-16 | Assigner snykMuhammad Firdaus Amran
security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745
github.com/...1b9977d8df570c67/src/Browsershot.php#L258-L269
github.com/...ommit/fae8396641b961f62bd756920b14f01a4391296e
Support options