GHSA-6q49-35h6-rq2p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6q49-35h6-rq2p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-6q49-35h6-rq2p/GHSA-6q49-35h6-rq2p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6q49-35h6-rq2p
- Aliases
- Published
- 2022-11-25T18:30:25Z
- Modified
- 2024-02-18T05:33:45.962749Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Browsershot version 3.57.3 vulnerable to improper input validation
- Details
-
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
- Database specific
{ "nvd_published_at": "2022-11-25T17:15:00Z", "cwe_ids": [ "CWE-20", "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-02T22:32:45Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-43984
- https://github.com/spatie/browsershot/commit/554c3e566fde8c47ad1ac9be47eaeb9a84c4dfe2
- https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad
- https://fluidattacks.com/advisories/malone
- https://github.com/spatie/browsershot
Affected packages
Packagist / spatie/browsershot
Package
- Name
- spatie/browsershot
- Purl
- pkg:composer/spatie/browsershot
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.57.4
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.9.0
1.9.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.3.0
2.4.0
2.4.1
2.4.2
3.*
3.0.0
3.1.0
3.2.0
3.2.1
3.3.0
3.3.1
3.4.0
3.5.0
3.6.0
3.7.0
3.8.0
3.8.1
3.9.0
3.10.0
3.11.0
3.11.1
3.12.0
3.13.0
3.14.0
3.14.1
3.15.0
3.16.0
3.16.1
3.17.0
3.18.0
3.19.0
3.20.0
3.20.1
3.22.0
3.22.1
3.23.0
3.23.1
3.24.0
3.25.0
3.25.1
3.26.0
3.26.1
3.26.2
3.26.3
3.27.0
3.29.0
3.30.0
3.31.0
3.31.1
3.32.0
3.32.1
3.32.2
3.33.0
3.33.1
3.34.0
3.35.0
3.36.0
3.37.0
3.37.1
3.37.2
3.38.0
3.39.0
3.40.0
3.40.1
3.40.2
3.40.3
3.41.0
3.41.1
3.41.2
3.42.0
3.44.0
3.44.1
3.45.0
3.46.0
3.47.0
3.48.0
3.49.0
3.50.0
3.50.1
3.50.2
3.51.0
3.52.0
3.52.1
3.52.2
3.52.3
3.52.4
3.52.5
3.52.6
3.53.0
3.54.0
3.55.0
3.56.0
3.57.0
3.57.1
3.57.2
3.57.3