प्लेटफ़ॉर्म
php
घटक
spatie/browsershot
में ठीक किया गया
5.0.2
5.0.2
CVE-2024-21547 is a Directory Traversal vulnerability discovered in the spatie/browsershot PHP package. This flaw allows attackers to potentially read arbitrary files on the server by exploiting improper URI normalization. Versions of the package prior to 5.0.2 are affected. A fix has been released in version 5.0.2.
The vulnerability stems from a flaw in how spatie/browsershot handles file URLs. Specifically, the package fails to properly sanitize file URLs, allowing an attacker to bypass a supposed file:// check. By crafting a malicious file URL containing escaped backslashes (e.g., file:\\/etc/passwd), an attacker can trick the package into accessing files outside of the intended directory. This could lead to the exposure of sensitive configuration files, source code, or other critical data stored on the server. The potential impact is significant, as an attacker could gain a deeper understanding of the application's architecture and potentially exploit other vulnerabilities.
This vulnerability was publicly disclosed on December 18, 2024. There are currently no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of this writing. The ease of exploitation is relatively low due to the need for careful URL crafting, but the potential impact is high if successful.
Applications using the spatie/browsershot package in their PHP projects are at risk. This includes websites and web applications that rely on browsershot for generating screenshots or PDFs from web pages. Shared hosting environments where the spatie/browsershot package is installed globally are particularly vulnerable.
• php / composer:
composer show spatie/browsershotIf the version is <=5.0.1, the system is vulnerable. • generic web:
curl -I 'http://your-website.com/browsershot?url=file:\\\/etc/passwd' # Check for 200 OK and file content in response• generic web:
Check access logs for requests containing file:\\\
disclosure
एक्सप्लॉइट स्थिति
EPSS
0.05% (16% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation is to upgrade to version 5.0.2 or later of the spatie/browsershot package. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious file URLs with escaped backslashes. Input validation should be implemented to strictly control the allowed file paths and prevent the use of relative paths or URL manipulation techniques. Additionally, review your application's file handling logic to ensure that all file access is properly validated and sanitized. After upgrading, confirm the fix by attempting to access a restricted file via a crafted URL (e.g., file:\\/etc/passwd) and verifying that access is denied.
Actualice la biblioteca spatie/browsershot a la versión 5.0.2 o superior. Esto solucionará la vulnerabilidad de path traversal. Ejecute `composer update spatie/browsershot` para actualizar a la versión segura.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-21547 is a Directory Traversal vulnerability affecting versions of spatie/browsershot before 5.0.2, allowing attackers to read arbitrary files on the server.
You are affected if you are using spatie/browsershot version 5.0.1 or earlier. Check your composer.json file to determine your version.
Upgrade to version 5.0.2 or later of the spatie/browsershot package using composer require spatie/browsershot:^5.0.2.
As of December 2024, there are no confirmed reports of active exploitation, but it is crucial to apply the fix promptly.
Refer to the spatie/browsershot GitHub repository for updates and advisories: https://github.com/spatie/browsershot
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।