Brook's tproxy server is vulnerable to a drive-by command injection.
Package
Affected versions
< 20230606
Patched versions
20230606
Description
Published by the National Vulnerability Database
Jun 1, 2023
Published to the GitHub Advisory Database
Jun 6, 2023
Reviewed
Jun 6, 2023
Last updated
Nov 11, 2023
The
tproxy
server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the localtproxy
service leading to remote code execution.References