VYPR

Snappy

by Knplabs

Source repositories

CVEs (4)

  • CVE-2023-41330CriSep 6, 2023
    risk 0.57cvss 9.8epss 0.02

    knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2…

  • CVE-2023-28115CriMar 17, 2023
    risk 0.57cvss 9.8epss 0.03

    Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker…

  • CVE-2026-46643HigJun 10, 2026
    risk 0.42cvss epss 0.00

    Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included.…

  • CVE-2026-46683MedJun 10, 2026
    risk 0.38cvss epss 0.00

    Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.