Home > Vulnerability Database > CVE-2024-21549

Mend.io Vulnerability Database

CVE-2024-21549

Date: December 20, 2024

Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.\r\r**Note:**\r\rThis is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745).

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-21549

Url: https://github.com/spatie/browsershot

Url: https://github.com/spatie/browsershot/discussions/906

Url: https://github.com/spatie/browsershot/commit/f791ce0ae8dd99367dbfa30588ee31e1196e1728

Url: https://www.mend.io/vulnerability-database/CVE-2024-21549

Severity Score

7.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-21549

Date: December 20, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?