Knplabs Snappy vulnerabilities
4 known vulnerabilities affecting knplabs/snappy.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-41330 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.4.3 | 2023-09-06
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page.
## Issue
On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput`
nvd
CVE-2023-28115 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 1.4.2 | 2023-03-17
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// pr
nvd
CVE-2026-46643 | P3 | HIGH | CVSS 7.5 | CWE-78 | fixed in 1.7.1 | 2026-06-10
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.7.1, on POSIX, `escapeshellarg('/usr/bin/wkhtmltopdf')` returns the literal string `'/usr/bin/wkhtmltopdf'` with the single-quote characters included. `is_executable()` then looks for a file whose actual name contains those quote characters, w
nvd
CVE-2026-46683 | P3 | MEDIUM | CVSS 6.9 | CWE-918 | fixed in 1.7.0 | 2026-06-10
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.7.0, there is an SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.
nvd