| 제목 | BrowserOperator browser-operator-core 0.6.0 Path Traversal |
|---|
| 설명 | A path traversal file read vulnerability (CWE-22) has been identified in the component server of browser-operator-core, specifically within scripts/component_server/server.js. The server derives filePath directly from request.url and joins it with a base directory without proper sanitization, allowing crafted paths containing ../ sequences to traverse outside the intended documentation root. In --traces mode, the boundary check uses a weak startsWith() comparison without path separator enforcement, permitting access to sibling directories with the same prefix (e.g., traces_evil). An attacker with network access to the component server can read arbitrary files from within or adjacent to the generated DevTools output root. Version 0.6.0 is confirmed affected, and no fixed version is available at the time of reporting. |
|---|
| 원천 | ⚠️ https://github.com/BrowserOperator/browser-operator-core/issues/96 |
|---|
| 사용자 | BruceJin (UID 96538) |
|---|
| 제출 | 2026. 04. 11. AM 08:18 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 04. 27. PM 07:04 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359843 [BrowserOperator browser-operator-core 까지 0.6.0 server.js startsWith request.url 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|