High severity 7.5 · OSV Advisory · Published Dec 18, 2024 · Updated Apr 15, 2026
CVE-2024-21547
Description
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| spatie/browsershot (Packagist) | < 5.0.2 | 5.0.2 |
Affected products (2)
- Range: 0.1.0, 0.1.1, 0.1.2, …
References (5)
- github.com/advisories/GHSA-v528-6rq9-h6gw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-21547 (ghsa, ADVISORY)
- gist.github.com/chuajianshen/baa71db588cfc038fb5d65624a47be81 (nvd, WEB)
- github.com/spatie/browsershot/commit/dfc3635b83dd980e5c39f8f8c73e87723b99ca01 (nvd, WEB)
- security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858 (nvd, WEB)