CVE-2025-47241 Information

Description

In browser-use (aka Browser Use) before 0.1.45 URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

Reference

https://github.com/browser-use/browser-use/pull/1561 https://github.com/browser-use/browser-use/releases/tag/0.1.45 https://github.com/browser-use/browser-use/security/advisories/GHSA-x39x-9qw5-ghrf