Description
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.
A null pointer dereference flaw was found in the Selenium IEDriver. The driver crashes when Selenium gets the cookies from an attacker-controlled page, which could leave the application unavailable.
Report
Successful exploitation of this issue depends on the IE Driver being in use and reachable by an external malicious user, who must redirect it to a malicious page so that it consumes a malicious cookie that may crash the environment. Therefore, this flaw is rated as having a Moderate impact. Red Hat Single Sign-On uses it only as part of the integration tests; therefore, it is rated as a Low impact.
Mitigation
No mitigation is currently known for the IE Driver. If possible, opt for another browser driver.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | selenium | Not affected | ||
| Red Hat build of Apicurio Registry 2 | selenium | Not affected | ||
| Red Hat Decision Manager 7 | selenium | Not affected | ||
| Red Hat Fuse 7 | selenium | Not affected | ||
| Red Hat Integration Camel K 1 | selenium | Not affected | ||
| Red Hat Integration Camel Quarkus 2 | selenium | Not affected | ||
| Red Hat JBoss Data Grid 7 | selenium | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | selenium | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | selenium | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 8 | selenium | Not affected | ||
Additional information
Status:
EPSS:
CVSS3: 7.5 High
Related vulnerabilities
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.