GHSA-8c2c-jxwj-jqgf

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-8c2c-jxwj-jqgf/GHSA-8c2c-jxwj-jqgf.json
Aliases
  • CVE-2022-41706
Published
2022-11-25T18:30:25Z
Modified
2023-01-31T02:38:06.348356Z
Details

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

References

Affected packages

Packagist / spatie/browsershot

spatie/browsershot

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.57.3

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3

1.*

1.0.0
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.7.0
1.8.0
1.9.0
1.9.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.3.0
2.4.0
2.4.1
2.4.2

3.*

3.0.0
3.1.0
3.10.0
3.11.0
3.11.1
3.12.0
3.13.0
3.14.0
3.14.1
3.15.0
3.16.0
3.16.1
3.17.0
3.18.0
3.19.0
3.2.0
3.2.1
3.20.0
3.20.1
3.22.0
3.22.1
3.23.0
3.23.1
3.24.0
3.25.0
3.25.1
3.26.0
3.26.1
3.26.2
3.26.3
3.27.0
3.29.0
3.3.0
3.3.1
3.30.0
3.31.0
3.31.1
3.32.0
3.32.1
3.32.2
3.33.0
3.33.1
3.34.0
3.35.0
3.36.0
3.37.0
3.37.1
3.37.2
3.38.0
3.39.0
3.4.0
3.40.0
3.40.1
3.40.2
3.40.3
3.41.0
3.41.1
3.41.2
3.42.0
3.44.0
3.44.1
3.45.0
3.46.0
3.47.0
3.48.0
3.49.0
3.5.0
3.50.0
3.50.1
3.50.2
3.51.0
3.52.0
3.52.1
3.52.2
3.52.3
3.52.4
3.52.5
3.52.6
3.53.0
3.54.0
3.55.0
3.56.0
3.57.0
3.57.1
3.57.2
3.6.0
3.7.0
3.8.0
3.8.1
3.9.0