Name of the Vulnerable Software and Affected Versions:

Snappy versions prior to 1.4.2

Description:

The issue is related to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file exists()` function. If an attacker can upload files of any type to the server, they can pass in the `phar://` protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when Snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations:

For Snappy versions prior to 1.4.2, update to version 1.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `generateFromHtml()` function to minimize the risk of exploitation. Additionally, restrict the ability to upload files of any type to the server to prevent potential attacks.