VDB
KO
HIGH 7.4

GHSA-fggg-964j-3j7h

Spatie Laravel Media Library contains a server-side request forgery vulnerability

Details

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / spatie/laravel-medialibrary
Introduced in: 0 Fixed in: 11.23.0
Fix composer require spatie/laravel-medialibrary:^11.23.0

References