GHSA-M79W-4MQV-R39F windows-seleniumjar downloads Resources over HTTP

Affected versions of windows-seleniumjar insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

windows-seleniumjar remote code execution vulnerability

windows-seleniumjar is a package for downloading selenium jar files in Node.js. A security vulnerability exists in windows-seleniumjar that originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit this vulnerability by intercepting the...

CVE-2016-10691

windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy...

Remote code execution

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if...

CVE-2016-10691

CVE-2016-10691 affects the windows-seleniumjar package, which downloads the Selenium Jar over HTTP. The underlying issue is insecure binary/resource retrieval that can be intercepted in a privileged network position, enabling an attacker to swap the downloaded binary and potentially achieve remot...

Arbitrary Code Execution Via Man-in-the-Middle (MitM)

windows-seleniumjar is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability exploitable by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positione...