CVE-2023-41330Deserialization of Untrusted Data in Snappy

CWE-502Deserialization of Untrusted Data4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.2%
top 21.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Knplabs SnappyKnplabs Knp-snappyMsrc Azl3 Snappy 1.1.10-2 ON Azure Linux 3.0
Timeline
PublishedSep 6
Latest updateSep 12

Description

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it wi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDknplabs/snappy< 1.4.3
Packagistknplabs/knp-snappy< 1.4.3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
Snappy PHAR deserialization vulnerability2023-09-08
OSV
Snappy PHAR deserialization vulnerability2023-09-08

📋Vendor Advisories

1
Microsoft
Unsafe deserialization in knplabs/knp-snappy2023-09-12