We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
Reserved 2023-12-22 | Published 2024-12-18 | Updated 2024-12-18 | Assigner snykJian Shen Chua
security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858
gist.github.com/...jianshen/baa71db588cfc038fb5d65624a47be81
github.com/...ommit/dfc3635b83dd980e5c39f8f8c73e87723b99ca01
Support options