CVE-2016-10628

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10628

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10628.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10628

Aliases

GHSA-pr34-8jfr-xhv8

Published

2018-06-01T18:29:02Z

Modified

2025-07-29T06:59:41.553829Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

References

https://nodesecurity.io/advisories/224

Affected packages

Git / github.com/arian/selenium-wrapper

Affected ranges

Type: GIT
Repo: https://github.com/arian/selenium-wrapper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0b6d75021f54c1dd2a1be8c227e37b8c237723d0

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9