CVE-2022-43984

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
References
Link Resource
https://fluidattacks.com/advisories/malone/ Exploit Third Party Advisory
https://github.com/spatie/browsershot/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:spatie:browsershot:3.57.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-25 17:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-43984

Mitre link : CVE-2022-43984

CVE.ORG link : CVE-2022-43984


JSON object : View

Products Affected

spatie

  • browsershot
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')