4 matches found
grunt-integration (=0.1.0) potentially affected by CVE-2016-10679 via selenium-standalone-painful (=2.39.0-2.7.0)
selenium-standalone-painful NPM version =2.39.0-2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on selenium-standalone-painful and may be impacted:
- grunt-integration =0.1.0
Source cves: CVE-2016-10679
Source advisory: OSV:GHSA-3X83-P476-VV95...
CVE-2016-10679
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by...
CVE-2016-10679
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by...
CVE-2016-10679
CVE-2016-10679 affects selenium-standalone-painful, where the tool downloads binaries over HTTP. This insecure download path enables a network-positioned attacker to MITM and swap the binary with a malicious copy, potentially achieving remote code execution on the host running selenium-standalone...