GHSA-rv74-mh27-4jpv, CVE-2020-7790
packagist/spatie/browsershot
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.
All versions before 3.40.1
Upgrade to version 3.40.1 or above.
2024-02-02
source |