| tiêu đề | BrowserOperator browser-operator-core 0.6.0 Path Traversal |
|---|
| Mô tả | A path traversal file read vulnerability (CWE-22) has been identified in the component server of browser-operator-core, specifically within scripts/component_server/server.js. The server derives filePath directly from request.url and joins it with a base directory without proper sanitization, allowing crafted paths containing ../ sequences to traverse outside the intended documentation root. In --traces mode, the boundary check uses a weak startsWith() comparison without path separator enforcement, permitting access to sibling directories with the same prefix (e.g., traces_evil). An attacker with network access to the component server can read arbitrary files from within or adjacent to the generated DevTools output root. Version 0.6.0 is confirmed affected, and no fixed version is available at the time of reporting. |
|---|
| Nguồn | ⚠️ https://github.com/BrowserOperator/browser-operator-core/issues/96 |
|---|
| Người dùng | BruceJin (UID 96538) |
|---|
| Đệ trình | 11/04/2026 08:18 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 27/04/2026 19:04 (16 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 359843 [BrowserOperator browser-operator-core đến 0.6.0 server.js startsWith request.url duyệt thư mục] |
|---|
| điểm | 20 |
|---|