Vulnerability Details CVE-2022-41706
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.8%
CVSS Severity
CVSS v3 Score 8.2
References
Products affected by CVE-2022-41706
-
cpe:2.3:a:spatie:browsershot:3.57.2