SecBoard
Zurück zur CVE-Übersicht

CVE-2026-48555

HIGH(7.4)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Risk Signal Score19/100 — NIEDRIG
  • CVSS 7.4 — Hoch

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

7.4

Technische Schwere

Beschreibung

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.

GitHub Advisories

GHSA-fggg-964j-3j7hMEDIUM

Spatie Laravel Media Library contains a server-side request forgery vulnerability

composer/spatie/laravel-medialibrary11.23.0
GitHub Advisory

Referenzen