Description

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.

Remediation

References

https://snyk.io/vuln/SNYK-JS-OPBROWSER-564259

https://github.com/hiproxy/open-browser/blob/master/lib/index.js#L75%2C

Related Vulnerabilities

CVE-2022-22138 Vulnerability in npm package fast-string-search

CVE-2022-31160 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system

CVE-2022-43432 Vulnerability in maven package org.jenkins-ci.plugins:xframium

CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory