Directory Traversal Vulnerability in Spatie Browsershot Package
CVE-2024-21547
Currently unrated
What is CVE-2024-21547?
CVE-2024-21547 is a directory traversal vulnerability affecting versions of the Spatie Browsershot package prior to 5.0.2. The cause is inadequate handling of URI normalization within the browser environment: an attacker can rely on file URL normalization, specifically by using the backslash ('\') instead of the typical forward slash ('/'), to read files located on the server without authorization, exposing sensitive information. Users of affected versions should upgrade to at least version 5.0.2 to mitigate this threat.
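The backslash normalization described above can be seen with Node's built-in WHATWG `URL` parser, which follows the same URL Standard that browsers implement. This is an added example, not code from Browsershot or from the advisory; both validator functions and the sample path are hypothetical, and the naive prefix check is only an assumed illustration of a string-level filter.

```javascript
// Added example: hypothetical validators, not code from Browsershot.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Weak: denylist applied to the raw string. It assumes the browser will
// interpret the URL exactly as written.
function naivePrefixCheck(input) {
  return !input.trim().toLowerCase().startsWith('file://');
}

// Hardened: parse first, so '\' has already been normalized to '/', then
// allow only known-good schemes instead of denying one bad spelling.
function parsedAllowlistCheck(input) {
  let parsed;
  try {
    parsed = new URL(input);
  } catch {
    return false; // relative or unparseable input is rejected
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Report what each check decides and what the parser resolves the input to.
function classify(input) {
  let normalized = null;
  try {
    normalized = new URL(input).href;
  } catch { /* leave null */ }
  return {
    input,
    normalized,
    naiveAllows: naivePrefixCheck(input),
    hardenedAllows: parsedAllowlistCheck(input),
  };
}

// Constructed sample inputs; the path is a placeholder.
const SAMPLES = [
  'https://example.com/report',
  'file:///tmp/constructed-sample.txt',
  'file:\\tmp\\constructed-sample.txt', // backslash spelling from the advisory
];

for (const s of SAMPLES) console.log(classify(s));
```

The `normalized` field shows the backslash form resolving to the same `file:///` URL that the prefix check rejects when it is spelled with forward slashes, which is why validation has to run on the parsed URL and use an allowlist.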