Bug: Arbitrary File Read via Playwright's Screenshot Feature Exploiting File Wrapper #47
Comments
@timoxoszt This is amazing! Thank you very much for this report. I will get these changes in ASAP 👍
prevent file:// URI scheme in Playwright screenshots

A critical vulnerability was discovered in a web application feature that utilizes Playwright's screenshot capability. Attackers could exploit this vulnerability by using the file:// URI scheme to read arbitrary files on the server's filesystem, potentially exposing sensitive information, such as AWS credentials. This commit addresses the vulnerability by implementing proper input validation and sanitization to prevent the use of the file:// URI scheme in Playwright screenshot requests, mitigating the risk of unauthorized file access.

resolves #47
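The commit message above describes rejecting the file:// scheme through input validation. One way to write that check, as an added example that is not the project's actual patch: it allowlists http and https on the parsed URL rather than denylisting file:, and the names validateScreenshotUrl, ALLOWED_PROTOCOLS and checkSamples, along with the sample inputs, are assumptions made for illustration.

```javascript
// Added example: scheme allowlist for the target URL of a screenshot service.
// All names here are hypothetical; this is not code from the project.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function validateScreenshotUrl(input) {
  if (typeof input !== "string" || input.length === 0) {
    return { ok: false, reason: "missing url" };
  }
  let parsed;
  try {
    // The WHATWG parser normalizes the scheme (lowercases it, trims
    // surrounding whitespace), so the decision is made on parsed.protocol
    // and never on a prefix match against the raw string.
    parsed = new URL(input);
  } catch {
    return { ok: false, reason: "unparseable url" };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  // Return the normalized form so the browser loads exactly what was checked.
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs (not taken from the report).
const SAMPLES = [
  "https://example.com/page",
  "HTTP://Example.com",
  "file:///constructed/example.txt",
  "FILE:///constructed/example.txt",
  "  file:///constructed/example.txt",
  "data:text/html,constructed",
  "example.com",
];

function checkSamples() {
  return SAMPLES.map((s) => ({ input: s, ...validateScreenshotUrl(s) }));
}

for (const r of checkSamples()) {
  console.log(JSON.stringify(r.input), "->", r.ok ? r.url : `rejected (${r.reason})`);
}
```

Call the validator before the URL reaches Playwright's page.goto and refuse the request when ok is false; the check covers only the URL supplied for the initial navigation.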
Hello @jasonraimondi, Would you mind publishing a CVE for this?
Hey @timoxoszt, not entirely sure how to do that. I don't mind doing it, I'm just not sure what to do. Do you have an example you can point me towards?
Hey @jasonraimondi, This guide on GitHub walks through publishing a security advisory, which should include publishing a CVE: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory
Hello @jasonraimondi, I hope you're having a good day. I would like to request an update on the status of this CVE. I noticed that GHSA-665w-mwrr-77q3 was published last week. If you haven't already submitted a CVE Request, please scroll to the bottom of the advisory form and click Request CVE. Thank you, and I look forward to hearing from you soon.
@timoxoszt Just clicked that button 👍
Hello @jasonraimondi,
I have a vulnerability report.
Please see the attached PDF for detailed information.
Arbitrary File Read via Playwright's Screenshot Feature Exploiting File Wrapper.pdf
Thanks.