4 matches found
amaze-tdd (>=0.0.9 <=0.2.5) potentially affected by CVE-2016-10562 via iedriver (=2.53.1)
iedriver NPM version =2.53.1 is affected by a known vulnerability. The following packages have a transitive dependency on iedriver and may be impacted: - amaze-tdd =0.0.9, =0.2.5 Source cves: CVE-2016-10562 Source advisory: OSV:GHSA-JFGQ-G48X-JQ83...
CVE-2016-10562
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if...
CVE-2016-10562
CVE-2016-10562 affects the npm wrapper for Selenium IEDriver, iedriver . The vulnerability arises because versions below 3.0.0 download binary resources over HTTP, enabling a network-level MITM attacker to swap the requested binary with a malicious one and potentially trigger remote code executio...
CVE-2016-10562
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if...