Remote File Access Vulnerability in Browsershot by Spatie
CVE-2022-43984

8.2HIGH

Key Information:

Vendor: Spatie
Status: Browsershot
Vendor: CVE Published:; 25 November 2022

What is CVE-2022-43984?

Browsershot version 3.57.3 contains a vulnerability that allows an attacker to remotely access arbitrary local files. This flaw arises from insufficient validation of JavaScript content imported from external sources, particularly allowing file URLs through the file:// protocol. If exploited, this vulnerability could lead to unauthorized access to sensitive local files, posing a significant risk to users utilizing the affected version of Browsershot.

Affected Version(s)

Browsershot 3.57.3

References

https://fluidattacks.com/advisories/malone/

https://github.com/spatie/browsershot/

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2022
Vulnerability Reserved
Oct 28, 2022