Audit
puppeteer-evaluate-code-injection
If unverified user data can reach the evaluate method, it can result in Server-Side Request Forgery vulnerabilities.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)
puppeteer-evaluate-arg-injection
If unverified user data can reach the evaluate method, it can result in Server-Side Request Forgery vulnerabilities.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)
puppeteer-goto-injection
If unverified user data can reach the goto method, it can result in Server-Side Request Forgery vulnerabilities.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)
puppeteer-exposed-chrome-devtools
The remote debugging protocol does not perform any authentication, so exposing it too widely can be a security risk.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection
puppeteer-setcontent-injection
If unverified user data can reach the setContent method, it can result in Server-Side Request Forgery vulnerabilities.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)