Bookstack · Bookstack · CVE-2020-26260
**Name of the Vulnerable Software and Affected Versions**
BookStack versions prior to 0.30.5
**Description**
BookStack is a platform for storing and organizing information and documentation. A user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server-side requests and/or have access to a wider scope of files within the BookStack file storage locations.
**Recommendations**
For versions prior to 0.30.5, upgrade to BookStack v0.30.5 to address the issue. As a temporary workaround, consider limiting page edit permissions to trusted users only until you can upgrade.
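A review aid for administrators, added here as an example and not taken from BookStack or from the advisory: it lists image URLs in stored page HTML that do not point at the instance's own host, so pages edited before the upgrade can be checked by hand. The host name, the sample pages and the `(page_id, html)` input shape are assumptions; how page HTML is pulled from the database is left to the operator.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the host name(s) this instance serves its own images from.
ALLOWED_HOSTS = {"docs.example.com"}

class ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a page body."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources.extend(v for k, v in attrs if k == "src" and v)

def review_reason(src, allowed_hosts=ALLOWED_HOSTS):
    """Return None for an expected image URL, else why it needs review."""
    try:
        parts = urlsplit(src.strip())
        host = (parts.hostname or "").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return f"scheme {parts.scheme or '(none)'!r} is not http(s)"
    if host not in allowed_hosts:
        return f"host {host!r} is not allow-listed"
    return None

def audit_pages(pages, allowed_hosts=ALLOWED_HOSTS):
    """pages: iterable of (page_id, html). Returns (page_id, src, reason) tuples."""
    findings = []
    for page_id, html in pages:
        collector = ImgSrcCollector()
        collector.feed(html)
        collector.close()
        for src in collector.sources:
            reason = review_reason(src, allowed_hosts)
            if reason:
                findings.append((page_id, src, reason))
    return findings

# Constructed sample data, not taken from a real instance.
SAMPLE_PAGES = [
    (1, '<p>Diagram</p><img src="https://docs.example.com/img/a.png">'),
    (2, '<img alt="x" src="http://other-host.example/image.png">'),
    (3, '<img src="/local/path.png"><img SRC="HTTPS://DOCS.EXAMPLE.COM/b.png"/>'),
]
```

Calling `audit_pages(SAMPLE_PAGES)` reports the images on pages 2 and 3 for review; a finding only means the URL is outside the allow-list, not that the page was abused.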