Description

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. This has been patched in version 2.1.2.

Remediation

References

https://github.com/browserup/browserup-proxy/commit/4b38e7a3e20917e5c3329d0d4e9590bed9d578ab

https://github.com/browserup/browserup-proxy/releases/tag/v2.1.2

https://github.com/browserup/browserup-proxy/security/advisories/GHSA-wmfg-55f9-j8hq

https://securitylab.github.com/research/bean-validation-RCE

Related Vulnerabilities

CVE-2023-3691 Vulnerability in npm package layui

CVE-2023-24998 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2023-26136 Vulnerability in npm package tough-cookie

CVE-2018-1000118 Vulnerability in npm package electron

CVE-2018-3721 Vulnerability in maven package org.webjars.npm:lodash.merge

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Patch Third Party Advisory Exploit NVD-CWE-noinfo