14 matches found
EUVD-2019-0250
Malware in sbrugna...
GHSA-3C87-R9F7-QFGQ Downloads Resources over HTTP in macaca-chromedriver-zxa
Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...
Downloads Resources over HTTP in macaca-chromedriver-zxa
Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...
macaca-android-dingtalk (=1.0.30) potentially affected by CVE-2016-10586 via macaca-chromedriver (=1.0.15)
macaca-chromedriver NPM version =1.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on macaca-chromedriver and may be impacted: macaca-android-dingtalk =1.0.30. Source CVEs: CVE-2016-10586. Source advisory: OSV:GHSA-769C-QPHH-G3WM...
GHSA-769C-QPHH-G3WM Downloads Resources over HTTP in macaca-chromedriver
Affected versions of macaca-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...
Downloads Resources over HTTP in macaca-chromedriver
Affected versions of macaca-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...
macaca-chromedriver code execution vulnerability
macaca-chromedriver is a package for installing selenium chromedriver. A security vulnerability exists in macaca-chromedriver versions prior to 1.0.29, which originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing...
CVE-2016-10586
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10586
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
Remote code execution
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10586
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10586
CVE-2016-10586 affects the macaca-chromedriver Node.js wrapper for Selenium’s chromedriver. The vulnerability arises because it downloads binary resources over HTTP, enabling a man-in-the-middle (MITM) attacker to swap the requested binary with a malicious one, potentially causing remote code exe...
Man In The Middle (MitM)
macaca-chromedriver is vulnerable to man-in-the-middle (MitM) attacks. This is because the library downloads binary resources via HTTP, allowing MitM attacks. It may also cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on th...
Downloads Resources over HTTP
Overview: Affected versions of macaca-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...