Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Browsershot 安全漏洞
Vulnerability Description
Browsershot是Spatie开源的一个工具。用于可以将网页转换为图像或 pdf。 Browsershot 5.0.1之前版本存在安全漏洞,该漏洞源于通过setUrl方法进行的URL验证不当,允许攻击者利用文件协议前的引导空白字符导致本地文件包含,从而使攻击者能够读取服务器上的敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A