11 matches found

Github Security Blog
added 2025/04/04 6:34 a.m. | 8 views

Browsershot Server-Side Request Forgery (SSRF) via setURL() Function

Versions of the package spatie/browsershot from 0.0.0 to 5.0.3 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.0046
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2025/04/04 12:0 a.m. | 1 views

Browsershot Security Vulnerability

Browsershot is an open source tool from Spatie. It is used to convert web pages into images or PDFs. A security vulnerability exists in Browsershot version 0.0.0; it stems from the setUrl function's lack of input restrictions, which may lead to server-side request forgery...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.0046
Exploits: 0 | References: 2
Snyk
added 2024/12/20 2:44 p.m. | 1 views

Server-side Request Forgery (SSRF)

Overview: spatie/browsershot is a library for converting a webpage to an image or PDF using headless Chrome. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the setUrl function due to a missing restriction on user input, enabling attackers to access localhos...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.0046
Exploits: 0 | References: 2
CNNVD
added 2024/12/20 12:0 a.m. | 1 views

Spatie Browsershot Security Vulnerability

Spatie Browsershot is a codebase from the Belgian Spatie team, based on PHP and JavaScript, that converts browser pages into PDF or image formats. A security vulnerability exists in Spatie Browsershot versions prior to 5.0.3, which stems from improper URL validation via the setUrl method...

CVSS: 8.6 | AI score: 6.4 | EPSS: 0.00067
Exploits: 0 | References: 4
Snyk
added 2024/12/16 12:3 p.m. | 1 views

Improper Input Validation

Overview: spatie/browsershot is a library for converting a webpage to an image or PDF using headless Chrome. Affected versions of this package are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the...

CVSS: 8.6 | AI score: 6.8 | EPSS: 0.00163
Exploits: 0 | References: 2
Veracode
added 2022/11/28 5:33 a.m. | 31 views

Cross-site Scripting (XSS)

spatie/browsershot is vulnerable to cross-site scripting. The vulnerability exists in the setUrl function in Browsershot.php, which allows an external attacker to remotely obtain arbitrary local files because the application does not validate the passed URL protocol...

CVSS: 8.2 | AI score: 7.6 | EPSS: 0.00336
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2022/01/01 12:1 a.m. | 6 views

OSV-2021-1793 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43160; Crash type: Heap-buffer-overflow READ; Crash state: seturl parseurl curlurlset...

AI score: 7.2
Exploits: 0 | References: 1
OSV
added 2021/12/25 12:1 a.m. | 9 views

OSV-2021-1758 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42892; Crash type: Heap-buffer-overflow READ; Crash state: seturl parseurl curlurlset...

AI score: 7.2
Exploits: 0 | References: 1
OSV
added 2021/12/24 12:0 a.m. | 6 views

OSV-2021-1747 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42808; Crash type: Heap-buffer-overflow READ 16; Crash state: seturl parseurl curlurlset...

AI score: 7.2
Exploits: 0 | References: 1
OSV
added 2021/12/21 12:1 a.m. | 10 views

OSV-2021-1730 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42708; Crash type: Heap-buffer-overflow READ; Crash state: seturl parseurl curlurlset...

AI score: 7.2
Exploits: 0 | References: 1
ossfuzz
added 2019/10/03 9:16 a.m. | 14 views

curl:curl_fuzzer_http: Heap-use-after-free in seturl

Project: https://github.com/curl/curl.git; Detailed Report: https://oss-fuzz.com/testcase?key=5168359280214016; Project: curl; Fuzzing Engine: libFuzzer; Fuzz Target: curlfuzzerhttp; Job Type: libfuzzerasancurl; Platform Id: linux; Crash Type: Heap-use-after-free READ 1; Crash Address: 0x60300002cfbb; Cra...

AI score: 6.8
Exploits: 0 | Affected Software: 1