Improper Control of Generation of Code (‘Code Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Exposing Puppeteer’s remote debugging interface without proper authentication allows anyone on the network to connect and control the browser. This can lead to unauthorized access and manipulation of browser sessions.
Impact#
An attacker could execute arbitrary code, steal sensitive data, or compromise the system running Puppeteer by exploiting the open debugging interface. This puts both application data and user privacy at significant risk.