2 matches found
browsertime (>=1.0.0-alpha.0 <=1.0.0-beta.17), gome-sitespeed.io (>=1.0.0 <=1.2.3) +6 more potentially affected by CVE-2016-10694 via alto-saxophone (>=2.21.0 <=2.25.0)
alto-saxophone NPM version =2.21.0, =1.0.0-alpha.0, =1.0.0, =1.0.0, =4.0.0, =0.2.0, =0.1.0, =0.1.3 Source cves: CVE-2016-10694 Source advisory: OSV:GHSA-2P69-GXPM-5469...
CVE-2016-10694
The CVE-2016-10694 entry concerns the alto-saxophone module used to install and launch Chromedriver on Mac, Linux, or Windows. Versions below 2.25.1 download binary resources over HTTP, allowing MITM manipulation of the binary and potentially enabling remote code execution if an attacker on the n...