CVE-2023-28115: RCE vulnerability affects the popular PHP library, Snappy
Snappy, a popular PHP library with over 11 million downloads, is designed to facilitate the generation of thumbnails, snapshots, or PDFs from a URL or an HTML page. It leverages the renowned webkit-based wkhtmltopdf and wkhtmltoimage utilities available on OSX, Linux, and Windows platforms. Recently, a critical vulnerability—CVE-2023-28115—has been identified, prompting the release of an updated version to mitigate the risk.
Photo by Ben Griffiths on Unsplash
Understanding the Vulnerability: CVE-2023-28115
This vulnerability, which carries a Common Vulnerability Scoring System (CVSS) score of 9.8 as calculated by GitHub, pertains to remote code execution (RCE) within KNP Labs’ Snappy. The issue stems from an unsafe deserialization in the file_exists() function, which could allow a remote authenticated attacker to execute arbitrary code on the system. By exploiting this vulnerability with a specially crafted file, an attacker could potentially gain control of the system.
Technical Description and Impact
Snappy is susceptible to PHAR deserialization due to insufficient protocol checking before passing it into the file_exists() function. If an attacker can upload files of any type to the server, they can pass the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This situation can result in RCE, particularly when Snappy is used alongside frameworks with documented property-oriented programming (POP) chains, such as Laravel and Symfony, or vulnerable developer code. If a user can control the output file from the generateFromHtml() function, it will invoke deserialization.
The impact of this vulnerability can lead to RCE if Snappy is used with frameworks or developer code containing vulnerable POP chains.
Version Information and Mitigation
The vulnerability affects Snappy versions up to and including 1.4.1. To secure your systems, it is recommended that you update your Snappy installation to version 1.4.2, which is not affected by this vulnerability.
Stay Secure with Snappy Updates
To maintain the security of your applications and protect against potential exploits, it is crucial to keep your Snappy installation up to date. By upgrading to the latest version, you can ensure that your systems remain safeguarded against this critical remote code execution vulnerability.
