CVE-2024-21544

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 13, 2024
CWE ID 20

Summary

CVE-2024-21544 affects versions of the spatie/browsershot package below 5.0.1. The setUrl method validates URLs inadequately (Improper Input Validation): an attacker can place leading whitespace (%20) before the file:// protocol to trigger Local File Inclusion. Successful exploitation lets the attacker read sensitive files residing on the targeted server.
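
The following is an added illustration, not Browsershot's code and not part of the advisory: a prefix check on the raw string misses the leading-whitespace forms the summary describes, while trimming the input and allowlisting schemes rejects them. The function names `naiveIsAllowed` and `strictIsAllowed` and the sample URLs are constructed for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not Browsershot's API.

/** Denylist check on the raw string: only an exact "file://" prefix is refused. */
function naiveIsAllowed(string $url): bool
{
    return !str_starts_with(strtolower($url), 'file://');
}

/** Normalise first, then allowlist schemes instead of denylisting one. */
function strictIsAllowed(string $url): bool
{
    // Strip surrounding whitespace so " file://" is judged without its padding.
    $normalised = trim($url);

    // Refuse empty input and any whitespace or control byte left inside the URL.
    if ($normalised === '' || preg_match('/[\x00-\x20\x7F]/', $normalised) === 1) {
        return false;
    }

    // parse_url() yields null/false when no valid scheme is present
    // (for example when the string starts with "%20"), so those fail closed.
    $scheme = parse_url($normalised, PHP_URL_SCHEME);
    if (!is_string($scheme)) {
        return false;
    }

    return in_array(strtolower($scheme), ['http', 'https'], true);
}

// Constructed sample inputs covering the cases named in the summary.
$samples = [
    'https://example.com/report',
    'file:///etc/hostname',
    ' file:///etc/hostname',
    '%20file:///etc/hostname',
];

foreach ($samples as $url) {
    printf(
        "%-28s naive=%-5s strict=%s\n",
        json_encode($url, JSON_UNESCAPED_SLASHES),
        naiveIsAllowed($url) ? 'allow' : 'deny',
        strictIsAllowed($url) ? 'allow' : 'deny'
    );
}
```

Application-side validation of this kind complements upgrading to 5.0.1 or later; it does not replace it.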
