Security
Headlines

Headlines Latest CVEs

Headline

GHSA-6q49-35h6-rq2p: Browsershot version 3.57.3 vulnerable to improper input validation

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.

2 years ago

Browsershot version 3.57.3 vulnerable to improper input validation

Moderate severity GitHub Reviewed Published Nov 25, 2022 • Updated Dec 2, 2022

Related news

CVE-2022-43984: Browsershot 3.57.3 - Server Side XSS to LFR via HTML | Advisories | Fluid Attacks

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.

2 years ago

#xss #vulnerability #linux #js #git

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

19 hours ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

20 hours ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

20 hours ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

22 hours ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

22 hours ago