Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Browsershot 安全漏洞
Vulnerability Description
Browsershot是Spatie开源的一个工具。用于可以将网页转换为图像或 pdf。 Browsershot 0.0.0版本存在安全漏洞,该漏洞源于setUrl函数缺少输入限制,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A