Описание
chromedriver Downloads Resources over HTTP
Affected versions of chromedriver insecurely download resources over HTTP.
In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.
Recommendation
Update to version 2.26.1 or later.
Пакеты
chromedriver
< 2.25.2
2.25.2
Связанные уязвимости
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.