THREATINT
PUBLISHED

CVE-2024-21547



Description

Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
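
An added example, not code from spatie/browsershot or from this advisory: it shows in JavaScript how a WHATWG URL parser (the one browsers and Node use) reads a backslash form as a file: URL while a string-prefix check for file:// does not match it, next to an allowlist on the parsed scheme. The function names, the prefix check and the sample strings are constructed for illustration.

```javascript
// Hypothetical prefix denylist, modelling the kind of "file://" check the
// description says was bypassed (not the library's actual code).
function naiveIsBlocked(input) {
  return input.toLowerCase().startsWith("file://");
}

// Scheme as a WHATWG URL parser sees it. For special schemes such as file:,
// the parser treats "\" as "/", which is the normalisation the CVE refers to.
function parsedScheme(input) {
  try {
    return new URL(input).protocol; // lower-cased, with trailing ":"
  } catch {
    return null; // not an absolute URL
  }
}

// Allowlist on the parsed scheme instead of a denylist on the raw string.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
function isAllowedTarget(input) {
  const scheme = parsedScheme(input);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample inputs.
const SAMPLES = [
  "https://example.com/page",
  "file:///tmp/sample.txt",
  "file:\\\\localhost\\tmp\\sample.txt", // i.e. file:\\localhost\tmp\sample.txt
  "not a url",
];

function report() {
  return SAMPLES.map((input) => ({
    input,
    naiveBlocked: naiveIsBlocked(input),
    parsedScheme: parsedScheme(input),
    allowed: isAllowedTarget(input),
  }));
}

console.table(report());
```

The third row is the case the description covers: the prefix check does not flag it, the parser reports the scheme as file:, and the allowlist rejects it.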

Reserved 2023-12-22 | Published 2024-12-18 | Updated 2024-12-18 | Assigner snyk


HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P

Problem types

Directory Traversal

Credits

Jian Shen Chua

References

security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858

gist.github.com/...jianshen/baa71db588cfc038fb5d65624a47be81

github.com/...ommit/dfc3635b83dd980e5c39f8f8c73e87723b99ca01

cve.org (CVE-2024-21547)

nvd.nist.gov (CVE-2024-21547)
