Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote malicious users to read absolute paths on the server by examining the "_where" attribute of package.json files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google rendertron 1.0.0 |