cve/CVE-2020-7758.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.

POC

Reference

https://snyk.io/vuln/SNYK-JS-BROWSERLESSCHROME-1023657
https://snyk.io/vuln/SNYK-JS-BROWSERLESSCHROME-1023657

Github

https://github.com/Live-Hack-CVE/CVE-2020-7758

849 B Raw Blame History

CVE-2020-7758

Description

POC

Reference

Github

849 B

Raw Blame History