Arbitrary File Read
CVE-2020-7790

5.3MEDIUM

Key Information:

Vendor: Spatie
Status: Spatie/browsershot
Vendor: CVE Published:; 11 December 2020

What is CVE-2020-7790?

This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.

Affected Version(s)

spatie/browsershot 0.0.0

References

https://snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-1037064

x_refsource_MISC

https://github.com/spatie/browsershot/issues/441%23issue-...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

Anand

Spatie

What is CVE-2020-7790?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit