GHSA-J9Q7-3RHF-4PPV windows-selenium-chromedriver downloads Resources over HTTP

Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

windows-selenium-chromedriver remote code execution vulnerability

windows-selenium-chromedriver is a package for downloading and installing the chromedriver server. A security vulnerability exists in windows-selenium-chromedriver, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit...

CVE-2016-10687

windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

CVE-2016-10691

windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy...

CVE-2016-10670

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if...

Downloads Resources over HTTP

Overview Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting ...