{"id":6956,"date":"2025-06-16T21:37:26","date_gmt":"2025-06-16T21:37:26","guid":{"rendered":"http:\/\/localhost\/?p=6956"},"modified":"2025-06-16T21:37:26","modified_gmt":"2025-06-16T21:37:26","slug":"steel-browser-filesroutests-handlefileupload-path-traversal","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6956","title":{"rendered":"Steel Browser files.routes.ts handleFileUpload path traversal"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nSteel Browser files.routes.ts handleFileUpload path traversal<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-17T01:31:05.835Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nSteel<\/td>\n<\/tr>\n
Product<\/th>\nBrowser<\/td>\n<\/tr>\n
Version<\/th>\n0.1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:X<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical path traversal vulnerability exists in Steel Browser versions up to 0.1.3, allowing remote attackers to manipulate file paths and potentially access or modify sensitive files. The issue is fixed in patch 7ba93a10000fb77ee01731478ef40551a27bd5b9.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
Vendor<\/th>\nSteel<\/td>\n<\/tr>\n
Product<\/th>\nSteel Browser<\/td>\n<\/tr>\n
Affected Version<\/th>\n0.1.0, 0.1.1, 0.1.2, 0.1.3<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n