Lucene search
HistoryNov 25, 2022 - 6:15 p.m.
CVE-2022-41706
browsershot
version 3.57.2
remote retrieval
CVSS3
8.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
EPSS
0.002
Percentile
55.7%
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
Affected configurations
Node
spatiebrowsershotMatch3.57.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| spatie | browsershot | 3.57.2 | cpe:2.3:a:spatie:browsershot:3.57.2:*:*:*:*:*:*:* |
Related
github
github
Browsershot does not validate URL protocols passed to Browsershot URL method
2022-11-25 18:30:25
osv
osv
Browsershot does not validate URL protocols passed to Browsershot URL method
2022-11-25 18:30:25
CVE-2022-41706
2022-11-25 18:15:11
veracode
veracode
Cross-site Scripting (XSS)
2022-11-28 05:33:10
prion
prion
Design/Logic Flaw
2022-11-25 18:15:00
cvelist
cvelist
CVE-2022-41706
2022-11-25 00:00:00
cve
cve
CVE-2022-41706
2022-11-25 18:15:11
CVSS3
8.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
EPSS
0.002
Percentile
55.7%
Related for NVD:CVE-2022-41706