GHSA-WR2C-PPJ9-F2FV Downloads Resources over HTTP in webdrvr

Affected versions of webdrvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

grunt-kommando (>=0.1.0 <=0.1.1), kommando (>=0.0.1 <=1.0.0) potentially affected by CVE-2016-10601 via webdrvr (>=2.35.0-6 <=2.41.0-0)

webdrvr NPM version =2.35.0-6, =0.1.0, =0.0.1, =1.0.0 Source cves: CVE-2016-10601 Source advisory: OSV:GHSA-WR2C-PPJ9-F2FV...

Downloads Resources over HTTP in webdrvr

Affected versions of webdrvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

Webdrvr Code Execution Vulnerability

webdrvr is a browser automation framework. A security vulnerability exists in webdrvr that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with a binary under their control to execut...

Man-in-the-Middle(MitM)

webdrvr is vulnerable to man-in-the-middle MitM attacks. This is possible because the package allows the downloading of binary resources via HTTP. This may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10601

webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

CVE-2016-10601

webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

Remote code execution

webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

CVE-2016-10601

CVE-2016-10601 affects the npm package webdrvr (Selenium Webdriver wrapper). The vulnerability arises because webdrvr downloads binary resources over HTTP, enabling an attacker on the network path to perform a MITM and replace the requested binary with a malicious one, potentially leading to remo...

CVE-2016-10601

webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...

Downloads Resources over HTTP

Overview Affected versions of webdrvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...