CVE-2024-21549

Name of the Vulnerable Software and Affected Versions spatie/browsershot versions prior to 5.0.3

Description The issue is related to improper input validation due to incorrect URL validation through the setUrl method. An attacker can exploit this by utilizing view-source:file://, allowing for arbitrary file reading on a local file. This is a bypass of a previous fix.

Recommendations For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the setUrl method to minimize the risk of exploitation. Avoid using the view-source:file:// protocol in the affected API endpoint until the issue is resolved.