CVE-2022-43984
MEDIUM 6.1 | EPSS 0.16%
Browsershot version 3.57.3 vulnerable to improper input validation
Published: 2022/11/25 | Modified: 2025/4/29
Description
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
Affected packages (1)
- Packagist/spatie/browsershot: from 0, < 3.57.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-43984
- WEB: https://fluidattacks.com/advisories/malone
- WEB: https://github.com/spatie/browsershot
- WEB: https://github.com/spatie/browsershot/commit/554c3e566fde8c47ad1ac9be47eaeb9a84c4dfe2
- WEB: https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad