7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7758

GHSA ID

GHSA-8p9r-f949-699g

EPSS Score

0.68153%

CWE

CWE-22

Published

5/10/2021

Updated

2/1/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-7758

CVE-2020-7758: Path Traversal in browserless-chrome

This affects all versions of browserless-chrome before 1.43.0. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7758

GHSA ID

GHSA-8p9r-f949-699g

EPSS Score

0.68153%

CWE

CWE-22

Published

5/10/2021

Updated

2/1/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
browserless-chrome	npm	< 1.43.0	1.43.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in route handlers processing '/workspace' endpoints. Both locations shown in the diff (lines 157 and 185 in routes.ts) construct filePath using path.join(workspaceDir, file) without verifying the resulting path remains within workspaceDir. Attackers could supply 'file' parameters with directory traversal sequences (../../) to access arbitrary files. The patch added critical containment checks using filePath.includes(workspaceDir), confirming these were the vulnerable points. The functions handle user-supplied filenames directly and return file contents, making them the clear injection points for path traversal.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*is *****ts *ll v*rsions o* *rows*rl*ss-**rom* ***or* *.**.*. Us*r input *lowin* *rom t** worksp*** *n*point **ts us** to *r**t* * *il* p*t* *il*P*t* *n* t*is is **t**** *n* t**n s*nt ***k to * us*r. T*is **n ** *s**p** to **t** *r*itr*ry *il*s *rom

Reasoning

T** vuln*r**ility *xists in rout* **n*l*rs pro**ssin* '/worksp***' *n*points. *ot* lo**tions s*own in t** *i** (lin*s *** *n* *** in `rout*s.ts`) *onstru*t `*il*P*t*` usin* `p*t*.join(worksp****ir, *il*)` wit*out v*ri*yin* t** r*sultin* p*t* r*m*ins

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-7758: Path Traversal in browserless-chrome

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI