Knplabs Snappy vulnerabilities
2 known vulnerabilities affecting knplabs/snappy.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2023-41330 | CRITICAL | CVSS 9.8 | fixed in 1.4.3 | 2023-09-06
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page.
## Issue
On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput`
Source: NVD
CVE-2023-28115 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 1.4.2 | fixed in 1.4.3 | 2023-03-17
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// pr
Source: NVD