Executive Summary

Informations
Name CVE-2024-21549 First vendor Publication 2024-12-20
Vendor Cve Last vendor Modification 2025-02-04

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21549

Sources (Detail)

https://github.com/spatie/browsershot/commit/f791ce0ae8dd99367dbfa30588ee31e1...
https://github.com/spatie/browsershot/discussions/906
https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2025-02-04 17:20:40
  • Multiple Updates
2024-12-21 03:05:59
  • Multiple Updates
2024-12-21 03:01:05
  • Multiple Updates
2024-12-20 21:20:28
  • Multiple Updates
2024-12-20 09:20:29
  • First insertion