grunt-integration (=0.1.0) potentially affected by CVE-2016-10679 via selenium-standalone-painful (=2.39.0-2.7.0)

selenium-standalone-painful NPM version =2.39.0-2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on selenium-standalone-painful and may be impacted: - grunt-integration =0.1.0 Source cves: CVE-2016-10679 Source advisory: OSV:GHSA-3X83-P476-VV95...

GHSA-3X83-P476-VV95 Downloads Resources over HTTP in selenium-standalone-painful

Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

selenium-standalone-painful remote code execution vulnerability

selenium-standalone-painful is a program for installing command line tools for starting a selenium standalone server. A security vulnerability exists in selenium-standalone-painful that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker...

Man-in-the-Middle (MitM)

selenium-standalone-painful is vulnerable to man-in-the-middle MitM attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

CVE-2016-10679

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by...

Remote code execution

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by...

CVE-2016-10679

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by...

CVE-2016-10679

CVE-2016-10679 affects selenium-standalone-painful, where the tool downloads binaries over HTTP. This insecure download path enables a network-positioned attacker to MITM and swap the binary with a malicious copy, potentially achieving remote code execution on the host running selenium-standalone...

Downloads Resources over HTTP

Overview Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...