2 matches found
CVE-2020-15660
Geckodriver up to version 0.27.0 is affected by a vulnerability from missing checks on Content-Type headers, enabling CSRF that could lead to remote code execution when paired with a crafted request. Affected component: geckodriver (WebDriver HTTP API). Root cause: improper validation of Content-...
CVE-2021-4138
Geckodriver vulnerability CVE-2021-4138 is supported by the CNNVD entry, which states that geckodriver versions prior to 0.30.0 are affected due to improved host header checks. The issue affects the HTTP API exposed by geckodriver/WebDriver; impact and exploitation details are not deeply describe...