This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint is used to build a file path, filePath; the file at that path is then read and sent back to the user. Because the input can escape the intended directory, it can be used to fetch arbitrary files from the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | browserless | eq | 1.12.0 |
| | browserless | eq | 1.29.0 |
| | browserless | eq | 1.29.1 |
| | browserless | eq | 1.3.0 |
| | browserless | eq | 1.21.0 |
| | browserless | eq | 1.24.0 |
| | browserless | eq | 1.25.0 |
| | browserless | eq | 1.10.0 |
| | browserless | eq | 1.8.0 |
| | browserless | eq | 1.19.0 |
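The path handling described in the advisory, shown as an added Node.js example that is not browserless source code: a naive join beside a resolver that refuses anything ending up outside the workspace directory. The names `naiveResolve`, `isInside`, `safeResolve` and `makeWorkspace`, and the file `report.pdf`, are hypothetical; the resolver assumes it receives the raw, still percent-encoded name from the URL.

```javascript
// Added example with hypothetical names; not code from the browserless project.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Pattern the advisory describes: the request-supplied name is joined
// straight onto the workspace directory, so "../" segments leave it.
function naiveResolve(workspaceDir, requested) {
  return path.join(workspaceDir, requested);
}

// True when target is base itself or lies beneath it.
function isInside(base, target) {
  const rel = path.relative(base, target);
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Hardened resolver: returns the real path of a regular file inside
// workspaceDir, or null when the request must be refused.
// Assumption: `requested` is the raw, still percent-encoded URL segment.
function safeResolve(workspaceDir, requested) {
  let name;
  try {
    name = decodeURIComponent(requested); // decode once, before any check
  } catch {
    return null; // malformed percent-encoding
  }
  if (name.includes('\0')) return null; // embedded NUL byte
  const base = fs.realpathSync(workspaceDir);
  const candidate = path.resolve(base, name); // collapses ".." and absolute input
  if (!isInside(base, candidate)) return null; // lexical containment check
  let real;
  try {
    real = fs.realpathSync(candidate); // follow symlinks, then re-check
  } catch {
    return null; // file does not exist
  }
  if (!isInside(base, real) || !fs.statSync(real).isFile()) return null;
  return real;
}

// Constructed fixture: a temporary workspace holding one sample file.
function makeWorkspace() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'workspace-'));
  fs.writeFileSync(path.join(dir, 'report.pdf'), 'constructed sample');
  return dir;
}
```

The second `isInside` call matters: a symlink placed inside the workspace passes the lexical check and is only caught after `realpathSync` resolves it.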