- Snyk ID SNYK-PHP-SPATIEBROWSERSHOT-1037064
- published 13 Dec 2020
- disclosed 4 Nov 2020
- credit Anand
How to fix?
Upgrade spatie/browsershot to version 3.40.1 or higher.
spatie/browsershot is a library for converting a webpage to an image or PDF using headless Chrome.
Affected versions of this package are vulnerable to Arbitrary File Read. By specifying a URL that uses the file:// scheme, an attacker is able to include arbitrary files in the resultant PDF.
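An application-side scheme allowlist for URLs that come from users, as an added example (not code from spatie/browsershot and not its patch). The function name assertRenderableUrl and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of spatie/browsershot): accept only
 * absolute http(s) URLs before user input reaches the renderer.
 */
function assertRenderableUrl(string $url): string
{
    $url = trim($url);
    $parts = parse_url($url);

    // parse_url() returns false on seriously malformed input; a missing
    // scheme means a bare path or relative reference, which is refused.
    if ($parts === false || !isset($parts['scheme'])) {
        throw new InvalidArgumentException('URL must be absolute and include a scheme');
    }

    // Schemes are case-insensitive, so normalise before comparing.
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException("Scheme '{$scheme}' is not allowed");
    }

    if (!isset($parts['host']) || $parts['host'] === '') {
        throw new InvalidArgumentException('URL must include a host');
    }

    return $url;
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    'https://example.com/report',
    'file:///etc/passwd',
    'FILE:///etc/passwd',
    '/etc/passwd',
];

foreach ($samples as $candidate) {
    try {
        $safe = assertRenderableUrl($candidate);
        // Only at this point would the application hand the URL on, e.g.
        // Browsershot::url($safe)->save($outputPath);
        echo "ALLOW  {$candidate}\n";
    } catch (InvalidArgumentException $e) {
        echo "REJECT {$candidate}: {$e->getMessage()}\n";
    }
}
```

This checks only the URL the application passes in, so it complements the upgrade to 3.40.1 or higher and does not replace it.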