CVE-2020-7758: Path Traversal in browserless-chrome
CVSS Score: 7.5 (CVSS 3.1)

Basic Information
CVE ID: CVE-2020-7758
GHSA ID
EPSS Score: 0.68153%
CWE
Published: 5/10/2021
Updated: 2/1/2023
KEV Status: No
Technology: JavaScript

Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
browserless-chrome | npm | < 1.43.0 | 1.43.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability exists in route handlers processing '/workspace' endpoints. Both locations shown in the diff (lines 157 and 185 in `routes.ts`) construct `filePath` using `path.join(workspaceDir, file)` without verifying the resulting path remains within `workspaceDir`. Attackers could supply 'file' parameters with directory traversal sequences (../../) to access arbitrary files. The patch added critical containment checks using `filePath.includes(workspaceDir)`, confirming these were the vulnerable points. The functions handle user-supplied filenames directly and return file contents, making them the clear injection points for path traversal.
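
The pattern described above next to a hardened form, as an added example that is not code from browserless-chrome or its patch. `WORKSPACE_DIR`, `joinUnchecked` and `resolveInWorkspace` are hypothetical names, the directory and file names are constructed, and the containment test uses `path.relative` rather than the substring check the patch is described as using.

```javascript
// Added illustration; not the project's routes.ts. All names and paths are constructed.
const path = require('node:path').posix; // posix flavour so results match on any OS

const WORKSPACE_DIR = '/srv/browserless/workspace'; // assumed workspace root

// Pattern from the root cause analysis: user input joined onto the
// workspace directory with no check on where the result lands.
function joinUnchecked(file) {
  return path.join(WORKSPACE_DIR, file);
}

// Hardened form: resolve to an absolute path, then require that the path
// relative to the workspace never climbs out of it.
function resolveInWorkspace(file) {
  if (typeof file !== 'string' || file.length === 0 || file.includes('\0')) {
    return null; // reject empty, non-string, or NUL-containing names
  }
  const resolved = path.resolve(WORKSPACE_DIR, file);
  const rel = path.relative(WORKSPACE_DIR, resolved);
  const escapes = rel === '..' || rel.startsWith('../') || path.isAbsolute(rel);
  // rel === '' is the workspace directory itself, which is not a file to serve.
  if (rel === '' || escapes) {
    return null;
  }
  return resolved;
}

// Constructed sample inputs for the 'file' parameter.
const samples = [
  'downloads/report.pdf',     // ordinary file inside the workspace
  'a/../b.txt',               // dot segments that stay inside
  '../../../etc/passwd',      // climbs above the workspace
  '/etc/passwd',              // absolute path
  '../workspace-old/key.pem', // sibling directory that only shares the prefix
];

for (const file of samples) {
  const safe = resolveInWorkspace(file);
  console.log(JSON.stringify(file), '->', safe === null ? 'rejected' : safe);
}
```

A route handler would return a 4xx response when `resolveInWorkspace` yields `null` and only then open the returned path.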