Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RCE Vulnerability in puppeter-core #456

Closed
Feribv opened this issue Jan 8, 2024 · 1 comment · Fixed by #459
Closed

RCE Vulnerability in puppeter-core #456

Feribv opened this issue Jan 8, 2024 · 1 comment · Fixed by #459
Assignees
@tw4l

Comments

@Feribv
Copy link

Feribv commented Jan 8, 2024

Hello,

Testing the Application's security, I've noticed that puppeter-core 20.7.4 should be updated to at least 2.8.2 as it is vulnerable
image

Could somebody update this in the next release?
Thank you!
tw4l added a commit that referenced this issue Jan 15, 2024
@tw4l
Bump puppeteer-core to ^21.7.0
c1a0338 
Resolves #456
@tw4l tw4l mentioned this issue Jan 15, 2024
Merged
tw4l added a commit that referenced this issue Jan 15, 2024
@tw4l
Bump puppeteer-core to ^20.8.2
dfb2af1 
Resolves #456
@tw4l tw4l moved this from Triage to In Review in Webrecorder Projects Jan 15, 2024
@tw4l tw4l self-assigned this Jan 15, 2024
@tw4l
Copy link
Member

tw4l commented Jan 15, 2024

PR with fix is in: #459

ikreymer pushed a commit that referenced this issue Jan 15, 2024
@tw4l
Bump puppeteer-core to ^20.8.2 to patch vulnerability (#459)
cd3a1b0 
Fixes #456
@github-project-automation github-project-automation bot moved this from In Review to Done! in Webrecorder Projects Jan 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tw4l tw4l

Labels
None yet
Projects
Webrecorder Projects
Status: Done!
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump puppeteer-core to ^20.8.2 to patch vulnerability webrecorder/browsertrix-crawler
2 participants
@tw4l @Feribv