EUVD-2019-0202

Malware in sbrugna...

EUVD-2019-0216

Malware in sbrugna...

GHSA-2MVM-66Q7-M256 Downloads Resources over HTTP in selenium-download

Affected versions of selenium-download insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

Downloads Resources over HTTP in selenium-download

Affected versions of selenium-download insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

selenium-download code execution vulnerability

selenium-download is a tool for downloading the latest versions of the selenium standalone server and chromedriver. A security vulnerability exists in selenium-download versions prior to 2.0.7, which arises when the program downloads binary resources over the HTTP protocol. A remote attacker can...

CVE-2016-10559

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...

Remote code execution

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...

CVE-2016-10559

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...

CVE-2016-10559

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...

Man-in-the-Middle (MitM) Attacks

selenium-download is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, allowing a malicious user to swap out the requested binary with another binary for the system to execute...

Downloads Resources over HTTP

Overview Affected versions of selenium-download insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...