Rendertron 1.0.0 includes an _ah/stop
route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.
{ "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:58:46Z", "nvd_published_at": null, "cwe_ids": [ "CWE-284" ], "severity": "HIGH" }