CVE-2025-1022

Feb. 5, 2025, 8:15 p.m.

8.2
High

Description

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.

Product(s) Impacted

Product Versions
spatie/browsershot
  • before 5.0.5

Weaknesses

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://gist.github.com/mrdgef/a820837c530e09e1dd725e013e0d4341
https://github.com/spatie/browsershot/commit/bcfd608b264fab654bf78e199bdfbb03e9323eb7
https://github.com/spatie/browsershot/commit/e3273974506865a24fbb5b65b534d8d4b8dfbf72
https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496747
https://gist.github.com/mrdgef/a820837c530e09e1dd725e013e0d4341

Tags

CWE-20
report@snyk.io
2025-02-05
CVE-2025-1022

CVSS Score

8.2 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: LOW
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Date

  • Published: Feb. 5, 2025, 5:15 a.m.
  • Last Modified: Feb. 5, 2025, 8:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

report@snyk.io

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.