Duplicate Advisory: `allowed_domains` can be bypassed by putting a decoy domain in http auth username portion of a URL
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x39x-9qw5-ghrf. This link is maintained to preserve external references. Original Description In browser-use aka Browser Use before 0.1.45, URL parsing of alloweddomains is mishandled because userinfo can be...