Yesuhei

**Name of the Vulnerable Software and Affected Versions** FileBrowser Quantum versions prior to 1.3.1-stable FileBrowser Quantum versions prior to 1.3.9-beta **Description** Attacker-controlled path input is joined with a trusted base path before sanitization, enabling the use of traversal sequences such as `../` to escape the intended shared directory. An unauthenticated attacker with a valid public share hash and delete permissions can delete arbitrary files outside the shared directory within the storage scope of the share owner. This issue affects the 'public/api/resources' and 'public/api/resources/bulk' endpoints, specifically involving the `path` parameter. **Recommendations** Update to version 1.3.1-stable. Update to version 1.3.9-beta.

**Name of the Vulnerable Software and Affected Versions** PinchTab versions 0.8.3 through 0.8.5 **Description** PinchTab versions 0.8.3 through 0.8.5 contain a security bypass that allows arbitrary JavaScript execution through the `POST /wait` and `POST /tabs/{id}/wait` API endpoints when using `fn` mode, even if `security.allowEvaluate` is disabled. The `POST /evaluate` endpoint correctly enforces the `security.allowEvaluate` guard, but the affected versions of `POST /wait` accept a user-controlled `fn` expression, embed it directly into executable JavaScript, and evaluate it in the browser context without the same policy check. Exploitation requires authenticated API access with a server token, enabling an attacker to execute arbitrary JavaScript in a tab context, even when JavaScript evaluation is explicitly disabled by the operator. The issue stems from the lack of a policy check in the `fn` mode of the `/wait` endpoint, while the `/evaluate` endpoint enforces the `security.allowEvaluate` setting. The `fn` mode builds executable JavaScript from the request field and passes it to `chromedp.Evaluate`, allowing a caller to supply expressions with side effects. **Recommendations** Update to a newer version of PinchTab that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `fn` mode in the `/wait` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PinchTab versions prior to 0.8.5 **Description** PinchTab, a standalone HTTP server for controlling a Chrome browser with AI agents, contains a Windows-only command injection issue within the orphaned Chrome cleanup path. The issue arises because the software builds a PowerShell `-Command` string using a `needle` derived from the profile path, escaping backslashes but failing to neutralize other PowerShell metacharacters. An attacker who can launch an instance with a crafted profile name and then trigger the cleanup path may be able to execute arbitrary PowerShell commands on the Windows host in the security context of the PinchTab process user. This requires authenticated, administrative-equivalent API access to instance lifecycle endpoints. The vulnerable code is located in `internal/bridge/cleanup windows.go`. The attack path involves using the `POST /instances/launch` and `POST /instances/{id}/stop` API endpoints. The `needle` value is derived from the instance/profile name used during launch. **Recommendations** Versions prior to 0.8.5 should be updated to version 0.8.5 or later. Do not interpolate user-influenced values into PowerShell `-Command` strings. Pass search terms through environment variables or structured arguments instead of code generation. Keep strict validation on profile names. Add regression tests covering PowerShell metacharacters in profile-derived values on Windows.

**Name of the Vulnerable Software and Affected Versions** PinchTab versions 0.8.2 and below **Description** PinchTab, a standalone HTTP server providing AI agents control over a Chrome browser, contains a Blind Server-Side Request Forgery (SSRF) condition in the '/download' endpoint. The `validateDownloadURL()` function only validates the initial URL provided by the user. However, the embedded Chromium browser can follow attacker-controlled redirects and navigations to internal network addresses after this initial validation. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser access internal services from the PinchTab host, resulting in a blind SSRF against internal-only services. Exploitation requires `security.allowDownload=true` to be enabled, which is disabled by default, limiting real-world impact. The issue allows bypassing the /download URL validation and causing the embedded Chromium browser to make requests to internal network services, potentially interacting with sensitive services or cloud metadata endpoints. The `/download` endpoint validates only the initial URL provided by the user using `validateDownloadURL()` to prevent requests to internal or private network addresses. The validation is only applied to the initial URL and not to subsequent browser-issued request targets. **Recommendations** Versions prior to 0.8.3: Apply the same URL safety policy to every browser-issued request in the `/download` flow, not only the initial user-supplied URL, and block requests to loopback, private, link-local, and other non-public network ranges inside the Chromium browser context.