What is GHSA-fggg-964j-3j7h?

GHSA-fggg-964j-3j7h is a security advisory published by GitHub Security Advisories with Medium severity. Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery...

Which CVE IDs does GHSA-fggg-964j-3j7h cover?

GHSA-fggg-964j-3j7h covers the following CVE IDs: CVE-2026-48555. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-fggg-964j-3j7h?

GHSA-fggg-964j-3j7h has a CVSS v3 base score of 7.4, published by GitHub Security Advisories.

GHSA-fggg-964j-3j7hMediumCVSS 7.4

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-48555 →

📋 Description

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-48555
https://github.com/spatie/laravel-medialibrary/pull/3939
https://github.com/spatie/laravel-medialibrary/commit/608ea03703d3887c46434f5dda6af56de6346aba
https://github.com/spatie/laravel-medialibrary/releases/tag/11.23.0
https://www.vulncheck.com/advisories/spatie-laravel-media-library-ssrf-via-addmediafromurl
https://github.com/advisories/GHSA-fggg-964j-3j7h