54 matches found
EUVD-2019-0188
Malware in sbrugna...
EUVD-2021-0729
Malware in sbrugna...
EUVD-2019-0187
Malware in sbrugna...
EUVD-2019-0175
Malware in sbrugna...
EUVD-2019-0348
Malware in sbrugna...
CVE-2020-8902
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
SUSE CVE-2017-18355
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files...
SUSE CVE-2017-18353
Rendertron 1.0.0 includes an _ah/stop route to shut down the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...
SUSE CVE-2017-18354
Rendertron 1.0.0 allows alternative protocols such as 'file://', introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker...
SUSE CVE-2017-18352
Error reporting within Rendertron 1.0.0 allows reflected Cross-Site Scripting (XSS) from invalid URLs...
JetBlue: XSS via Vuln Rendertron Instance At `██████████.jetblue.com/render/*`
A vulnerability was discovered in a Rendertron instance at a subdomain of a website, allowing for a reflected XSS attack. An attacker could exploit this vulnerability to execute malicious code on a victim's browser and potentially steal sensitive information...
Server-Side Request Forgery
Overview: rendertron prior to version 3.0.0 is susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Recommendation: Upgrade t...
SSRF in Rendertron
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
GHSA-XR9H-9M79-X29G SSRF in Rendertron
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
Server-Side Request Forgery (SSRF)
rendertron is vulnerable to server-side request forgery (SSRF). The vulnerability exists because it allows the headless chrome to access internal domains, forcing the rendertron headless chrome process to render internal sites and display the response as a screenshot...
CVE-2020-8902
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
CVE-2020-8902
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
Server side request forgery (ssrf)
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...
CVE-2020-8902
Summary (CVE-2020-8902): Rendertron versions prior to 3.0.0 are vulnerable to an SSRF flaw. An attacker can craft a webpage that causes a headless Chrome process used by Rendertron to render internal sites accessible to the system, potentially exposing internal resources as screenshots. Affected ...
CVE-2020-8902 SSRF in Rendertron
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...