CVE-2020-7758

Name of the Vulnerable Software and Affected Versions browserless-chrome versions prior to 1.43.0

Description The issue affects browserless-chrome, where user input from the "workspace endpoint" is used to create a file path filePath. This filePath is then fetched and sent back to the user, allowing for the potential to escape and fetch arbitrary files from a server.

Recommendations For versions prior to 1.43.0, update to version 1.43.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the workspace endpoint to minimize the risk of exploitation. Avoid using user input to create file paths until the issue is resolved.