CVE-2024-21544
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 13, 2024
CWE ID 20
Summary
CVE-2024-21544 affects versions of the spatie/browsershot package below 5.0.1. The setUrl method does not validate URLs adequately, which is classified as Improper Input Validation. An attacker can place leading whitespace (%20) before the file:// protocol to trigger Local File Inclusion. Successful exploitation lets the attacker read sensitive files on the targeted server.
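The following added example (not code from spatie/browsershot or from this advisory) shows why a raw-string prefix check misses the input described above and how a scheme allowlist applied after parsing rejects it. It assumes the weak check is a simple prefix comparison; the function names, the sample path and the sample URLs are constructed for illustration.

```javascript
// Added example. All names and sample values are constructed, not taken
// from the browsershot code base.

// Assumed weak pattern: block "file://" by comparing the raw string prefix.
function naiveIsAllowed(url) {
  return !url.toLowerCase().startsWith("file://");
}

// What a WHATWG-compliant URL parser (the kind a browser uses) resolves the
// input to. The parser strips leading and trailing spaces before parsing.
function effectiveProtocol(url) {
  try {
    return new URL(url).protocol;
  } catch {
    return null; // not an absolute URL
  }
}

// Hardened pattern: parse first, then allow only the schemes a page
// renderer is expected to fetch. Anything unparsable is rejected.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function strictIsAllowed(url) {
  if (typeof url !== "string") return false;
  const protocol = effectiveProtocol(url);
  return protocol !== null && ALLOWED_PROTOCOLS.has(protocol);
}

// Constructed inputs. The third one models a request parameter that arrived
// as "%20file://..." and was URL-decoded by the web framework.
const SAMPLES = [
  "https://example.com/report",
  "file:///srv/app/placeholder.txt",
  decodeURIComponent("%20file:///srv/app/placeholder.txt"),
];

function compareChecks(samples) {
  return samples.map((url) => ({
    input: JSON.stringify(url),
    browserSees: effectiveProtocol(url),
    naive: naiveIsAllowed(url),
    strict: strictIsAllowed(url),
  }));
}

console.table(compareChecks(SAMPLES));
```

Rows where `naive` is true but `browserSees` is `file:` are the gap the advisory describes; the allowlist check returns false for them.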