CVE-2022-43983

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.
References
Link Resource
https://fluidattacks.com/advisories/khalid/ Exploit Third Party Advisory
https://github.com/spatie/browsershot/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:spatie:browsershot:3.57.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-25 17:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-43983

Mitre link : CVE-2022-43983

CVE.ORG link : CVE-2022-43983


JSON object : View

Products Affected

spatie

  • browsershot
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')