Spatie · Spatie/Browsershot · CVE-2024-21544
**Name of the Vulnerable Software and Affected Versions**
spatie/browsershot versions prior to 5.0.1
**Description**
The issue is improper input validation: the `setUrl` method validates URLs incorrectly. An attacker can exploit this by placing leading whitespace (`%20`) before the `file://` protocol, resulting in Local File Inclusion. This allows the attacker to read sensitive files on the server.
**Recommendations**
For versions prior to 5.0.1, update to version 5.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `setUrl` method to minimize the risk of exploitation. Avoid using leading whitespace before the `file://` protocol in URLs passed to the `setUrl` method until the issue is resolved.
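
As an added illustration of the workaround (this is not Browsershot's code or its patch), the PHP sketch below contrasts a prefix check that leading whitespace slips past with a caller-side guard applied before a value reaches `setUrl`. The function names `naivePrefixCheck` and `isSafeForSetUrl`, the http/https allow-list and the sample URLs are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed illustration (NOT Browsershot's code): a prefix check that
// leading whitespace slips past, because "file://" is no longer at offset 0.
function naivePrefixCheck(string $url): bool
{
    return stripos($url, 'file://') !== 0;
}

// Hypothetical caller-side guard: normalise first, then allow-list http(s).
function isSafeForSetUrl(string $url): bool
{
    // Decode once so "%20file://" is judged the same as " file://".
    $candidate = rawurldecode($url);
    // Strip leading/trailing bytes 0x00-0x20 (space and control characters).
    $candidate = trim($candidate, "\x00..\x20");

    $scheme = parse_url($candidate, PHP_URL_SCHEME);
    $host   = parse_url($candidate, PHP_URL_HOST);

    return is_string($scheme)
        && in_array(strtolower($scheme), ['http', 'https'], true)
        && is_string($host) && $host !== '';
}

// Constructed sample inputs; the file path is a placeholder.
$samples = [
    'https://example.com/report',
    'file:///path/to/file',
    ' file:///path/to/file',
    '%20file:///path/to/file',
    "\t\nFILE:///path/to/file",
];

foreach ($samples as $url) {
    printf(
        "%-32s naive=%-5s guarded=%s\n",
        json_encode($url, JSON_UNESCAPED_SLASHES),
        naivePrefixCheck($url) ? 'allow' : 'block',
        isSafeForSetUrl($url) ? 'allow' : 'block'
    );
}
```

Only values the guard accepts would be handed to `setUrl`; allow-listing schemes after normalisation avoids depending on any single blocked prefix.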