GHSA-8c2c-jxwj-jqgf

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-8c2c-jxwj-jqgf/GHSA-8c2c-jxwj-jqgf.json

Aliases

CVE-2022-41706

Published

2022-11-25T18:30:25Z

Modified

2023-04-11T01:32:31.803752Z

Details

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

References

Affected packages

Packagist / spatie/browsershot

Source Details

Package Name: spatie/browsershot

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.57.3

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

1.*

1.0.0

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.3.0

1.4.0

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.7.0

1.8.0

1.9.0

1.9.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.2.0

2.3.0

2.4.0

2.4.1

2.4.2

3.*

3.0.0

3.1.0

3.2.0

3.2.1

3.3.0

3.3.1

3.4.0

3.5.0

3.6.0

3.7.0

3.8.0

3.8.1

3.9.0

3.10.0

3.11.0

3.11.1

3.12.0

3.13.0

3.14.0

3.14.1

3.15.0

3.16.0

3.16.1

3.17.0

3.18.0

3.19.0

3.20.0

3.20.1

3.22.0

3.22.1

3.23.0

3.23.1

3.24.0

3.25.0

3.25.1

3.26.0

3.26.1

3.26.2

3.26.3

3.27.0

3.29.0

3.30.0

3.31.0

3.31.1

3.32.0

3.32.1

3.32.2

3.33.0

3.33.1

3.34.0

3.35.0

3.36.0

3.37.0

3.37.1

3.37.2

3.38.0

3.39.0

3.40.0

3.40.1

3.40.2

3.40.3

3.41.0

3.41.1

3.41.2

3.42.0

3.44.0

3.44.1

3.45.0

3.46.0

3.47.0

3.48.0

3.49.0

3.50.0

3.50.1

3.50.2

3.51.0

3.52.0

3.52.1

3.52.2

3.52.3

3.52.4

3.52.5

3.52.6

3.53.0

3.54.0

3.55.0

3.56.0

3.57.0

3.57.1

3.57.2