SYM_JSTS_0140 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Exposing Puppeteer's remote debugging interface without proper authentication allows anyone on the network to connect and control the browser. This can lead to unauthorized access and manipulation of browser sessions.
Impact
An attacker could execute arbitrary code, steal sensitive data, or compromise the system running Puppeteer by exploiting the open debugging interface. This puts both application data and user privacy at significant risk.
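The following check is an added example, not part of the original rule entry or the project's own code. It audits a Puppeteer launch-options object for the exposure described above. The function name `auditLaunchOptions`, the finding labels and the sample option objects are constructed for illustration; `debuggingPort`, `pipe`, `--remote-debugging-port` and `--remote-debugging-address` are existing Puppeteer and Chromium settings.

```javascript
// Added example: static audit of Puppeteer launch options (no browser is started).
// The DevTools endpoint has no authentication, so who can reach the port is
// the only access control.
const LOOPBACK = new Set(['127.0.0.1', 'localhost', '::1', '[::1]']);

function auditLaunchOptions(options = {}) {
  const findings = [];
  let port = options.debuggingPort ?? null; // Puppeteer launch option
  let address = null;

  for (const arg of options.args || []) {
    // Split on the first '=' only, so values containing '=' stay intact.
    const [flag, value = ''] = String(arg).split(/=(.*)/s, 2);
    if (flag === '--remote-debugging-port') port = Number(value);
    if (flag === '--remote-debugging-address') address = value.trim();
  }

  // A fixed, predictable port is reachable by any local process, and by
  // remote hosts if it is bound or forwarded beyond loopback.
  if (port !== null && port !== 0) {
    findings.push('FIXED_DEBUG_PORT');
  }
  // Binding the debugging interface to a non-loopback address exposes it
  // to the network.
  if (address !== null && !LOOPBACK.has(address.toLowerCase())) {
    findings.push('EXPOSED_NON_LOOPBACK');
  }
  return findings;
}

// Constructed sample configurations (hypothetical, for illustration only).
const riskyOptions = {
  headless: true,
  args: ['--remote-debugging-port=9222', '--remote-debugging-address=0.0.0.0'],
};
// Hardened form: talk to the browser over a pipe instead of a TCP WebSocket.
const hardenedOptions = { headless: true, pipe: true };

console.log('risky   :', auditLaunchOptions(riskyOptions));
console.log('hardened:', auditLaunchOptions(hardenedOptions));
```

Run it in CI against the options objects your code passes to `puppeteer.launch()` and fail the build on any finding.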