CVE-2020-7790

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in packagist/spatie/browsershot

Identifiers

GHSA-rv74-mh27-4jpv, CVE-2020-7790

Package Slug

packagist/spatie/browsershot

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.

Affected Versions

All versions before 3.40.1

Solution

Upgrade to version 3.40.1 or above.

Last Modified

2024-02-02

source