We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745).
Reserved 2023-12-22 | Published 2024-12-20 | Updated 2024-12-20 | Assigner snykAhmad Shauqi
security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023
github.com/spatie/browsershot/discussions/906
github.com/...ommit/f791ce0ae8dd99367dbfa30588ee31e1196e1728
Support options