VYPR

npm package

browserless-chrome

pkg:npm/browserless-chrome

Vulnerabilities (1)

  • CVE-2020-7758HigNov 2, 2020
    affected < 1.43.0fixed 1.43.0

    This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.