Lucene search

CVE-2016-10696

🗓️ 04 Jun 2018 19:00:29Reported by hackeroneType

windows-latestchromedriver downloads latest chromedriver.exe over HTTP, vulnerable to MITM attacks. Possible RCE

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Prion	Remote code execution	4 Jun 201819:29	–	prion
Cvelist	CVE-2016-10696	4 Jun 201819:00	–	cvelist
Node.js	Downloads Resources over HTTP	2 Dec 201604:55	–	nodejs
OSV	Downloads Resources over HTTP in windows-latestchromedriver	1 Sep 202016:14	–	osv
NVD	CVE-2016-10696	4 Jun 201819:29	–	nvd
Github Security Blog	Downloads Resources over HTTP in windows-latestchromedriver	1 Sep 202016:14	–	github
Veracode	Man-in-the-Middle (MitM)	3 Jan 201706:49	–	veracode

Nvd

Node

windows-latestchromedriver_project windows-latestchromedriverMatch0.1.0node.js

[
  {
    "product": "windows-latestchromedriver node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Source	Link
nodesecurity	www.nodesecurity.io/advisories/295

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Jun 2018 19:29Current

8.3High risk

Vulners AI Score8.3

CVSS29.3

CVSS38.1

EPSS0.00774