
Erb3

Rank #30675 of 53,622
Total CVSS: 8.6
Vulnerabilities · 1
PT-2024-35086 · CVSS 8.6 · 2024-11-07
Vendor: Unknown · Product: changedetection.io · CVE-2024-51998
**Name of the Vulnerable Software and Affected Versions** changedetection.io versions prior to 0.47.06.

**Description** The validation of the `file` URI scheme in changedetection.io is incomplete, allowing an attacker who controls a fetched URL to read any file on the system that the process can read. The issue only affects instances with a webdriver enabled and `ALLOW_FILE_URI` set to false or left undefined. The `is_safe_url` check accepts `file` as a URL scheme, but the later check that enforces the `ALLOW_FILE_URI` setting only triggers when the URL starts with the literal prefix `file://`. The file URI scheme does not require the double slash (`file:/etc/passwd` is a valid file URL), so a URL in that form passes `is_safe_url`, is never recognised by the `ALLOW_FILE_URI` gate, and is handed to the webdriver, which reads the local file.

**Recommendations** Upgrade to version 0.47.06 or later, which fixes the check. Until the upgrade can be applied, disable the webdriver fetcher, since the file read is only reachable through it. Note that setting `ALLOW_FILE_URI` to true is not a mitigation: it explicitly grants the local file access the bypass obtains, and it should stay false or unset unless local file watches are genuinely required. Also restrict who can create or edit watches (enable authentication and limit network exposure of the instance), because the attacker must be able to supply a watch URL to exploit the issue.
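The mismatch between a scheme allow-list and a prefix-based `file://` gate is easy to reproduce. The following is an added illustration written for this page; it is not changedetection.io's code, and the function names, the allow-list contents and the shape of the checks are assumptions modelled on the advisory text above. The vulnerable pair of checks is shown next to a hardened version that decides on the parsed scheme alone, so the one-slash and three-slash forms are treated identically.

```python
# Added example (not changedetection.io's code). Function names, the
# allow-list and the check structure are assumptions based on the advisory.
from urllib.parse import urlparse

# Assumed scheme allow-list that admits "file", as the advisory describes.
ALLOWED_SCHEMES = ("http", "https", "file")


def is_safe_url_vulnerable(url: str) -> bool:
    """Scheme allow-list check; "file" is accepted here."""
    return urlparse(url).scheme.lower() in ALLOWED_SCHEMES


def local_file_allowed_vulnerable(url: str, allow_file_uri: bool) -> bool:
    """Second gate that only recognises the two-slash spelling of a file URL.

    Anything not starting with the literal "file://" is treated as a
    non-file URL and allowed through, which is the flaw: "file:/etc/passwd"
    is a valid file URL but never reaches the allow_file_uri decision.
    """
    if url.startswith("file://"):
        return allow_file_uri
    return True


def may_fetch_vulnerable(url: str, allow_file_uri: bool = False) -> bool:
    """Combined pre-fetch decision as the vulnerable logic makes it."""
    return is_safe_url_vulnerable(url) and local_file_allowed_vulnerable(
        url, allow_file_uri
    )


def may_fetch_fixed(url: str, allow_file_uri: bool = False) -> bool:
    """Hardened decision: gate on the parsed scheme, not on a string prefix.

    Every spelling of a file URL ("file:/x", "file://host/x", "file:///x",
    "FILE:/x") parses to scheme "file", so they are all subject to the
    allow_file_uri setting; no prefix-based shortcut exists to bypass.
    """
    scheme = urlparse(url.strip()).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False
    if scheme == "file":
        return allow_file_uri
    return True


def bypass_inputs(candidates, allow_file_uri: bool = False):
    """Return the candidate URLs that the vulnerable logic fetches but the
    fixed logic rejects, i.e. the inputs that exploit the scheme mismatch."""
    return [
        u
        for u in candidates
        if may_fetch_vulnerable(u, allow_file_uri)
        and not may_fetch_fixed(u, allow_file_uri)
    ]


if __name__ == "__main__":
    # Constructed sample inputs for demonstration.
    samples = [
        "https://example.com/page",   # ordinary watch, allowed by both
        "file:///etc/passwd",         # caught by the prefix gate
        "file:/etc/passwd",           # single slash: slips past the prefix gate
        "FILE:/etc/passwd",           # upper-case scheme, same effect
        "ftp://example.com/x",        # not in the allow-list at all
    ]
    for u in samples:
        print(f"{u:28} vulnerable={may_fetch_vulnerable(u)!s:5} "
              f"fixed={may_fetch_fixed(u)}")
    print("bypass inputs:", bypass_inputs(samples))
```

Running the block with `ALLOW_FILE_URI` unset (the default, `allow_file_uri=False`) shows `file:///etc/passwd` blocked by both versions while `file:/etc/passwd` and `FILE:/etc/passwd` are fetched only by the vulnerable logic. The general fix is the one used in `may_fetch_fixed`: derive the decision from the parsed scheme once and never from a literal string prefix, because RFC 8089 file URLs have several equivalent spellings.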