When a WebDriver is used to fetch files source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked
The root cause is the payload source:file:///etc/passwdpasses the regex here and also passes the check here where a traditional file:///etc/passwd would get blocked
CL-ChangeDetection.io Path Travsersal-311024-181039.pdf
It depends on where the webdriver is deployed but generally this is a high impact vulnerability
{ "nvd_published_at": "2024-11-01T17:15:18Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-11-01T21:39:13Z" }