CVE-2020-7758

Path Traversal in npm/browserless-chrome

Identifier

CVE-2020-7758

Package Slug

npm/browserless-chrome

Vulnerability

Path Traversal

Description

This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.

Affected Versions

All versions

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-11-13

source