High severity vulnerability that affects rendertron

ID GHSA-4Q69-Q4Q7-X82C
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:05


Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.