Headline
GHSA-vfrj-fv6p-3cpf: Brook's tproxy server is vulnerable to a drive-by command injection.
The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution.
Critical severity GitHub Reviewed Published May 30, 2023 in txthinking/brook • Updated Jun 6, 2023
Related news
CVE-2023-33965: tproxy web auth · txthinking/brook@314d707
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.