CVE-2023-28115

Name of the Vulnerable Software and Affected Versions Snappy versions prior to 1.4.2

Description The issue is related to PHAR deserialization due to a lack of checking on the protocol before passing it into the file exists() function. If an attacker can upload files of any type to the server, they can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when Snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the generateFromHtml() function, it will invoke deserialization. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Snappy versions prior to 1.4.2, update to version 1.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the generateFromHtml() function to minimize the risk of exploitation. Additionally, restrict the ability to upload files of any type to the server to prevent potential attacks.