EUVD-2019-0298

Malware in sbrugna...

GHSA-H4MC-R4F4-HCF4 selenium-binaries downloads resources over HTTP

Versions of selenium-binaries prior to 0.15.0 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

selenium-binaries downloads resources over HTTP

Versions of selenium-binaries prior to 0.15.0 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

selenium-web-checker (>=1.0.0 <=1.0.3), webdriver-sync (>=1.0.0 <=1.0.1) potentially affected by CVE-2016-10589 via selenium-binaries (>=0.11.0 <=0.13.11)

selenium-binaries NPM version =0.11.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2016-10589 Source advisory: OSV:GHSA-H4MC-R4F4-HCF4...

selenium-binaries code execution vulnerability

selenium-binaries is a tool for downloading Selenium-related binaries for your operating system. A security vulnerability exists in selenium-binaries that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing...

Man In The Middle (MitM)

selenium-binaries is vulnerable to man-in-the-middle MitM attacks. This is because the library downloads binary resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...