SYM_JSTS_0150 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Exposing Playwright's remote debugging interface without authentication allows anyone on the network to connect and control browser sessions. This creates a risk where unauthorized users could access or manipulate your automated browser processes.
Impact
If exploited, an attacker could execute arbitrary code, steal sensitive data, or manipulate browser actions, potentially leading to data breaches or system compromise. This can undermine the security and integrity of your application and expose internal resources.
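An added example (not part of this rule or of Playwright itself): a small static check over the options objects passed to `chromium.launch()` and `chromium.launchServer()` that flags a debugging endpoint reachable beyond loopback. The function names, the 16-character `wsPath` threshold and the sample configurations are assumptions constructed for illustration; the page does not show what the rule actually matches.

```javascript
// Added example: audit Playwright launch options for a network-exposed
// debugging endpoint. Names and thresholds here are illustrative assumptions.
const LOOPBACK = new Set(['127.0.0.1', '::1', 'localhost']);

// Parse Chromium switches ("--flag=value" or "--flag") into a Map.
function parseArgs(args = []) {
  const flags = new Map();
  for (const arg of args) {
    const m = /^--([^=]+)(?:=(.*))?$/.exec(String(arg));
    if (m) flags.set(m[1], m[2] ?? '');
  }
  return flags;
}

// opts: object passed to chromium.launch() or, with server=true,
// to chromium.launchServer(). Returns an array of finding strings.
function auditLaunchOptions(opts = {}, { server = false } = {}) {
  const findings = [];
  const flags = parseArgs(opts.args);
  // A CDP port alone stays on loopback; an explicit non-loopback
  // --remote-debugging-address asks Chromium to listen more widely.
  const addr = flags.get('remote-debugging-address');
  if (flags.has('remote-debugging-port') && addr !== undefined && !LOOPBACK.has(addr)) {
    findings.push(`CDP port ${flags.get('remote-debugging-port')} requested on ${addr}`);
  }
  if (server) {
    // Without `host`, launchServer() accepts connections on all interfaces.
    if (!LOOPBACK.has(opts.host)) {
      findings.push(`launchServer host: ${opts.host ?? 'unset (all interfaces)'}`);
    }
    // The default wsPath is an unguessable string; a short fixed one is not.
    // Assumed heuristic: fewer than 16 word characters counts as guessable.
    if (typeof opts.wsPath === 'string' && opts.wsPath.replace(/\W/g, '').length < 16) {
      findings.push(`launchServer wsPath "${opts.wsPath}" is guessable`);
    }
  }
  return findings;
}

// Constructed sample configurations.
const exposedCdp = { args: ['--remote-debugging-port=9222', '--remote-debugging-address=0.0.0.0'] };
const localCdp = { args: ['--remote-debugging-port=9222'] };
const exposedServer = { port: 3000, wsPath: '/pw' };
const localServer = { port: 3000, host: '127.0.0.1' };
console.log(auditLaunchOptions(exposedCdp));
console.log(auditLaunchOptions(exposedServer, { server: true }));
```

Binding to loopback narrows who can reach the endpoint but does not add authentication; remote access is better served by a tunnel or an authenticating proxy in front of it.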