selenium-download is vulnerable to man-in-the-middle attacks. The library downloads binaries over HTTP, which allows a malicious user to replace the requested binary with another binary that the system then executes.

CPE

| Name | Operator | Version |
|---|---|---|
| selenium-download | le | 2.0.6 |
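
A defensive check for the weakness described above, as an added example that is not code from selenium-download or from this advisory: it refuses a download if any hop in its redirect chain is not HTTPS, and it compares the downloaded bytes with a pinned SHA-256 digest before they may be executed. The function names, the `example.test` URLs and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example, not selenium-download code. All names and data are constructed.
const crypto = require('node:crypto');

// Return every hop in a download's redirect chain that is not HTTPS.
// One plain-HTTP hop is enough for an on-path party to substitute the response.
function insecureHops(urlChain) {
  return urlChain.filter((u) => new URL(u).protocol !== 'https:');
}

// Compare the SHA-256 of the downloaded bytes with a pinned hex digest.
// A malformed pin decodes to the wrong length and is treated as a mismatch.
function digestMatches(body, pinnedSha256Hex) {
  const actual = crypto.createHash('sha256').update(body).digest();
  const expected = Buffer.from(pinnedSha256Hex, 'hex');
  return expected.length === actual.length &&
    crypto.timingSafeEqual(actual, expected);
}

// Decide whether a fetched artifact may be written to disk and executed.
function checkDownload({ urlChain, body, pinnedSha256Hex }) {
  const bad = insecureHops(urlChain);
  if (bad.length > 0) {
    return { ok: false, reason: `non-HTTPS hop: ${bad[0]}` };
  }
  if (!digestMatches(body, pinnedSha256Hex)) {
    return { ok: false, reason: 'digest mismatch' };
  }
  return { ok: true, reason: 'verified' };
}

// Constructed sample data: the expected artifact, a substituted one, and the pin.
const genuine = Buffer.from('constructed-driver-binary');
const swapped = Buffer.from('constructed-other-binary');
const pinned = crypto.createHash('sha256').update(genuine).digest('hex');
const httpsUrl = 'https://downloads.example.test/driver.zip';
const httpUrl = 'http://mirror.example.test/driver.zip';

const cases = [
  { urlChain: [httpsUrl], body: genuine, pinnedSha256Hex: pinned },
  { urlChain: [httpUrl], body: genuine, pinnedSha256Hex: pinned },
  { urlChain: [httpsUrl, httpUrl], body: genuine, pinnedSha256Hex: pinned },
  { urlChain: [httpsUrl], body: swapped, pinnedSha256Hex: pinned },
];
for (const c of cases) {
  console.log(c.urlChain.join(' -> '), checkDownload(c));
}
```

The pinned digest has to reach the client through a channel other than the download itself, for example shipped inside the package, otherwise it can be replaced along with the binary.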