CVE-2020-7790: browsershot local file inclusion vulnerability
5.3
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.4966%
CWE
Published
5/24/2022
Updated
2/1/2024
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
spatie/browsershot | composer | < 3.40.1 | 3.40.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from how the Puppeteer instance handled URLs in bin/browser.js
. The unpatched code directly passed user-controlled URLs to page.goto()
, including file://
protocol URLs. The fix in commit 8d4bcfb introduced a check for file://
URLs and switched to page.setContent()
for safer local HTML rendering. The PHP method Browsershot::html()
created temporary files with file://
URLs, but the root vulnerability was in the JavaScript navigation logic.