We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023).
Reserved 2025-02-04 | Published 2025-02-05 | Updated 2025-02-05 | Assigner snykChua Jian Shen
Ee Yang Tee
security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533024
gist.github.com/...jianshen/6291920112fcf1543fa7b43862112be6
github.com/spatie/browsershot/pull/908
gist.github.com/mrdgef/54a8783408220c67c1b859df38a52d65
github.com/...ommit/e3273974506865a24fbb5b65b534d8d4b8dfbf72
Support options